TLS handshake aborts at 5 bytes from residential ISPs but works from datacenters

Hi all — looking for help diagnosing what looks like a Vercel edge-POP cert sync issue for csvmoney.com.

Symptom
HTTPS to csvmoney.com fails with ERR_SSL_PROTOCOL_ERROR from residential ISPs (verified from US, UK, Canada, Japan, Spain via locabrowser.com — all show “no response available”). But works fine from datacenter probes (uptrends.com geo-test returns 200 in 0.1-0.8s from Seattle, Vancouver, NY, LA, Montreal, Tampa, San Diego, Honolulu, Guadalajara).

From my own machine: home Wi-Fi fails, phone hotspot works.

openssl handshake fails with:
error:0A00010B:SSL routines:tls_validate_record_header:wrong version number
SSL handshake has read 5 bytes and written 1470 bytes

No peer certificate is presented. Same Vercel anycast IPs (216.198.79.x / 64.29.17.x) successfully serve other domains on my account (nycpropertyintel.com) from the SAME affected network paths.

State on my side

  • vercel certs ls shows 4 valid certs for csvmoney.com (ages 2d, 3d, 63d, 64d) — none being served at affected POPs
  • Vercel dashboard shows csvmoney.com → “Valid Configuration” ✅
  • vercel domains inspect csvmoney.com reports Projects: [empty] (dashboard/API state appears to disagree)
  • Production deployment is “Ready” (dpl_3PF7Z7PD1iB4cK5LhWbAPqggsRYe)

What I’ve tried

  1. Force redeploy via vercel redeploy — completed, no change
  2. Remove + re-add domain via dashboard Domains page — no change
  3. Clicked “Refresh” on domain — no change
  4. Verified DNS resolves correctly to Vercel anycast

Hypothesis
This looks like an edge POP cert binding desync — some POPs have the cert, others don’t, and which POP a visitor hits depends on BGP routing (so residential ISPs hit broken POPs, datacenters hit working ones).

Has anyone seen this pattern before? Is there a way to force a global cert resync from the Hobby plan, or is this strictly something Vercel staff has to do on their side?
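
Added example, not part of the original post: the openssl output above reports exactly 5 bytes read, which is the size of one TLS record header (content type, 2-byte legacy version, 2-byte length), so looking at those 5 bytes shows whether the reply was a TLS record at all. The function names are hypothetical and the sample headers are constructed; the optional `ip` argument pins the connection to one address while keeping the hostname in SNI.

```python
import socket
import ssl
import struct

# TLS record header: content type (1 byte), legacy version (2), length (2).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def client_hello(host):
    """Build a real ClientHello (with SNI) in memory, without touching the network."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()

def first_record_header(host, ip=None, port=443, timeout=5.0):
    """Send the ClientHello to ip (or host) and return the first 5 bytes of the reply."""
    with socket.create_connection((ip or host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        buf = b""
        while len(buf) < 5:
            chunk = sock.recv(5 - len(buf))
            if not chunk:
                break  # peer closed before a full header arrived
            buf += chunk
    return buf

def classify_record_header(hdr):
    """Describe what the 5 bytes are: a TLS record, plaintext, or something else."""
    if len(hdr) < 5:
        return f"short read ({len(hdr)} bytes): closed or reset before a full header"
    hdr = hdr[:5]
    ctype, major, minor, length = struct.unpack("!BBBH", hdr)
    if major != 3:
        if hdr.isascii() and hdr.decode("ascii").isprintable():
            return f"not TLS: printable ASCII {hdr.decode('ascii')!r}, a plaintext reply"
        return f"not TLS: version major byte 0x{major:02x}, expected 0x03"
    name = CONTENT_TYPES.get(ctype, f"unknown type {ctype}")
    return f"TLS {name} record, legacy version 3.{minor}, {length} byte payload"

if __name__ == "__main__":
    # Constructed sample headers, not captured from the site in the post.
    for sample in (b"HTTP/", bytes.fromhex("1503030002"), bytes.fromhex("160303007a")):
        print(sample.hex(), "->", classify_record_header(sample))
```

Running `classify_record_header(first_record_header(host, ip=addr))` from a failing and a working network, with `addr` pinned to the same address, shows whether the first bytes of the reply differ by path.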