SSL/TLS handshake fails on custom domain despite "Valid Configuration" status

My custom domain www.mat-profi.ru shows "Valid Configuration" in the Vercel dashboard, but the site returns an SSL/TLS error in the browser and the SSL handshake fails in curl diagnostics.

**Project:** study  
**Plan:** Hobby  
**Default domain (working):** study-sand.vercel.app ✅  
**Custom domain (broken):** www.mat-profi.ru ❌

**DNS is correct:**

nslookup mat-profi.ru → 216.198.79.1 ✅


**Diagnostic result (curl):**

```
* Trying 216.198.79.1:443...
* schannel: failed to receive handshake, SSL/TLS connection failed
```


TCP connection on port 443 establishes successfully, but the TLS handshake fails. Ping to all Vercel IPs (216.198.79.1/65/129/193 and 64.29.17.1/65/129/193) works with 0% packet loss.

The domain worked fine until about 1 month ago and stopped without any changes on my side. I have tried redeploying and re-adding the domains in the dashboard multiple times.

Dashboard shows "Valid Configuration" for both mat-profi.ru (A record → 216.198.79.1) and www.mat-profi.ru (A record → 216.198.79.1).

What could prevent Vercel from completing the SSL certificate provisioning for this domain?

Same issue. Project: rentclaim, Domain: rentreclaim.xyz. Dashboard shows Valid Configuration, rentclaim.vercel.app works, but rentreclaim.xyz fails SSL handshake on Safari and WebKit. DNS: rentreclaim.xyz → 216.198.79.1. Started recently with no changes on our side.

Hi matprofi,

Since the .vercel.app domain works and TCP reaches 216.198.79.1:443, I’d treat this as a domain/certificate provisioning path issue rather than a Next.js/deployment issue.

I’d check the certificate blockers Vercel calls out before re-adding the domain again:

```
dig NS mat-profi.ru +short
dig A mat-profi.ru +short
dig A www.mat-profi.ru +short
dig CNAME www.mat-profi.ru +short
dig AAAA mat-profi.ru +short
dig AAAA www.mat-profi.ru +short
dig CAA mat-profi.ru +short
dig TXT _acme-challenge.mat-profi.ru +short
dig TXT _acme-challenge.www.mat-profi.ru +short
```

A few things to look for:

  • NS should point to the DNS provider where you are actually editing records.

  • The A / CNAME results should match exactly what Vercel shows for each domain.

  • There should not be stale/conflicting AAAA records pointing elsewhere.

  • If CAA records exist, they need to allow Let’s Encrypt, for example `0 issue "letsencrypt.org"`.

  • If old _acme-challenge TXT records exist from another host, remove them, because they can interfere with certificate issuance.

I’d also run this to confirm whether the failure is specific to the custom domain/SNI:

```
openssl s_client -connect www.mat-profi.ru:443 -servername www.mat-profi.ru
```

If DNS, CAA, and _acme-challenge all look clean but the handshake still fails while the Vercel dashboard says the configuration is valid, then it’s probably something Vercel support/community staff would need to inspect on the certificate provisioning side.

Vercel’s domain troubleshooting page has the same CAA / _acme-challenge checks here:
https://vercel.com/docs/domains/troubleshooting
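
The checklist from the reply above, as an added example that is not part of the original thread and is not Vercel tooling: it evaluates `dig +short` answers for the A, AAAA, CAA and `_acme-challenge` checks. The function names, the `example.com` names and every sample record are constructed for illustration; only the IP 216.198.79.1 comes from the thread.

```python
# Added example: evaluates constructed `dig +short` answers against the checklist above.
LETSENCRYPT = "letsencrypt.org"

def caa_allows(caa_lines, ca=LETSENCRYPT):
    """True if a CAA RRset (dig +short lines) lets `ca` issue non-wildcard certs."""
    issuers = []
    for line in caa_lines:
        parts = line.split(None, 2)  # flags, tag, value
        if len(parts) == 3 and parts[1].lower() == "issue":
            value = parts[2].strip().strip('"')
            # Drop parameters such as "; validationmethods=..."
            issuers.append(value.split(";")[0].strip().lower())
    # An RRset with no `issue` property does not restrict issuance (RFC 8659).
    return not issuers or ca in issuers

def find_blockers(answers, expected_a):
    """answers: {(rtype, name): [lines]}; expected_a: {name: IP the dashboard shows}."""
    findings = []
    for (rtype, name), lines in sorted(answers.items()):
        if rtype == "A" and set(lines) != {expected_a.get(name)}:
            findings.append(f"{name}: A {lines} != dashboard {expected_a.get(name)}")
        elif rtype == "AAAA" and lines:
            findings.append(f"{name}: AAAA {lines} present, check it is not stale")
        elif rtype == "CAA" and not caa_allows(lines):
            findings.append(f"{name}: CAA does not allow {LETSENCRYPT}")
        elif rtype == "TXT" and name.startswith("_acme-challenge.") and lines:
            findings.append(f"{name}: leftover ACME TXT {lines}")
    return findings

# Constructed sample answers (example.com, not the real state of any domain in the thread).
EXPECTED_A = {"example.com": "216.198.79.1", "www.example.com": "216.198.79.1"}
SAMPLE = {
    ("A", "example.com"): ["216.198.79.1"],
    ("A", "www.example.com"): ["216.198.79.1"],
    ("AAAA", "example.com"): ["2001:db8::10"],
    ("AAAA", "www.example.com"): [],
    ("CAA", "example.com"): ['0 issue "ca.example.net"', '0 iodef "mailto:ops@example.com"'],
    ("TXT", "_acme-challenge.example.com"): ['"constructed-old-token"'],
    ("TXT", "_acme-challenge.www.example.com"): [],
}

if __name__ == "__main__":
    for finding in find_blockers(SAMPLE, EXPECTED_A):
        print("BLOCKER?", finding)
```

An empty CAA answer and a CAA set containing only `iodef` both pass, while `0 issue ";"` fails, because only `issue` properties restrict which CA may issue for a non-wildcard name.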