On a recently launched Netlify website, we are seeing intermittent ERR_SSL_PROTOCOL_ERROR in Chrome.
Intermittent here means it comes and goes within 10 minutes on a single machine+browser, but can come back as a problem a day or two later; about 1 in 3 accesses is problematic. We’ve observed the issue across multiple machines, across Europe.
Our setup is:
DNS hosted by DNSimple, DNS for website changed to point to Netlify domain within last week
Multi-domain Let’s Encrypt certificate with root domain and www subdomain
www subdomain redirected to root domain
Example problem request: x-nf-request-id: 5d518df9-3ee3-4c4b-b06b-b9805705a108-20294118
HAR file available on request.
Any ideas as to what the problem might be?
There appear to be reports of similar issues on the forum, but no suggestions for resolution, other than wait and it went away.
Thanks for writing in. There are a few DNS issues that are likely causing this. When I run host, this is what I see:
$ host semeris.com
semeris.com has address 126.96.36.199 <--- one of our CDN nodes
semeris.com has address 188.8.131.52 <--- one of our CDN nodes
semeris.com has address 184.108.40.206 <--- AWS
For the www, I see (this one looks alright):
$ host www.semeris.com
www.semeris.com is an alias for clever-mahavira-a8465b.netlify.app. <--- us
clever-mahavira-a8465b.netlify.app has address 220.127.116.11 <--- one of our CDN nodes
clever-mahavira-a8465b.netlify.app has address 18.104.22.168 <--- one of our CDN nodes
Create an A record pointing semeris.com to our load balancer, 22.214.171.124
So that’s part 1. The second part of this is that, if you’re not using Netlify DNS, we recommend making the www address your primary address, with the bare domain redirecting to that. This is something you’ll do in the Netlify UI. Here’s a long article about why, but the gist is that it results in better performance for your site visitors (especially if you’re based in Europe, far from our load balancer in SF):
Let us know if this helps or we can answer any follow-up questions!
DNSimple, our domain and DNS hoster, has a special DNS record called URL that does HTTP redirects. The URL record (not an RFC standard) converts to A and AAAA records.
We had an ALIAS record for semeris.com, that converts to 2 A records on the fly, plus a URL record, that converts to a single A record on the fly. The A records from the ALIAS point to Netlify, whilst the A record from the URL points to a DNSimple AWS server which does the redirect. Each A record points to an IP address.
Each time someone made an HTTP(S) request to semeris.com, they would receive at random an IP address related to one of the generated A records. Thus, two out of three times, they would get a Netlify server (all okay) and one out of three times, a DNSimple server (problem). Hence, the intermittent issue.
We removed the URL record and after waiting 1 - 2 hours for that change to fully propagate, it all seemed to work properly. In a couple of days, we will look at the other suggestions made.
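The diagnosis in this thread, as an added example that is not part of the original posts: probe every A record of a name separately with a verified TLS handshake, so one mis-pointed record shows up as a fixed IP instead of an intermittent browser error. The function names, the documentation-range IPs and the stub resolver/prober are constructed for illustration, and the failure share assumes clients pick among the records uniformly.

```python
import socket
import ssl

def resolve_a(hostname):
    """Return every IPv4 address the resolver hands out for hostname."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, hostname, port=443, timeout=5.0):
    """Handshake with one specific IP, sending hostname as SNI and verifying the cert."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return "ok"
    except ssl.SSLCertVerificationError:
        return "cert_mismatch"   # server answered with a cert for another name
    except ssl.SSLError:
        return "tls_error"       # handshake failed at the protocol level
    except OSError:
        return "connect_error"   # refused, timed out, or nothing on 443

def check(hostname, resolver=resolve_a, prober=probe):
    """Probe each A record on its own; return (per-IP status, bad IPs, failure share)."""
    results = {ip: prober(ip, hostname) for ip in resolver(hostname)}
    bad = sorted(ip for ip, status in results.items() if status != "ok")
    # Assumption: each connection lands on a uniformly chosen record.
    share = len(bad) / len(results) if results else 0.0
    return results, bad, share

# Constructed stand-ins so the example runs offline: two records that serve
# the site correctly and one that points at a different service.
def demo_resolver(hostname):
    return ["192.0.2.10", "192.0.2.11", "198.51.100.7"]

def demo_prober(ip, hostname):
    return "tls_error" if ip.startswith("198.51.100.") else "ok"

if __name__ == "__main__":
    results, bad, share = check("example.com", demo_resolver, demo_prober)
    for ip, status in results.items():
        print(f"{ip:15} {status}")
    print(f"bad records: {bad}, about {share:.0%} of connections affected")
```

Calling `check("your-domain")` with the default resolver and prober runs the same test against live DNS and port 443.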