Setting up a Secure Sockets Layer (SSL) certificate for your website has never been easier. You can generate certificates for free, and many hosting providers even set them up for you. However, if you don’t set up your certificate correctly, you may encounter errors such as “SSL handshake failed”.
The “SSL handshake failed” error occurs when your browser and the server fail to establish a secure connection. This article explains what an SSL handshake is and what to do if you cannot establish one.
Let’s go !
What is an SSL handshake?
As you may know, an SSL certificate validates the “identity” of your website. It does this by using a cryptographic key that your browser checks to make sure the certificate is valid. Once the connection is established, your browser can decrypt the content that the server sends to it.
This process is called a “handshake”. Here’s how it works in more detail:
- You visit a website with an SSL certificate and your browser sends a request for data.
- The server sends the browser an encrypted public key.
- Your browser verifies this key and sends its encrypted key back to the server.
- The server decrypts the key and sends the encrypted content back to your browser.
- Your browser decrypts the content (completing the handshake).
It all happens in a matter of seconds. SSL certificates and HTTPS allow your website to transmit data securely, without affecting its performance. An SSL certificate is therefore essential for any website. However, like any element of your site, it can occasionally create special problems.
What causes the “SSL Handshake Failed” error?
The “SSL handshake failed” error tells you exactly what the problem is. It appears when your browser is unable to establish a connection with a Web site that has an SSL certificate:
In this example from a website using Cloudflare, you can see that the “SSL handshake failed” error is code “525”. Thus, the error can be caused by both server-side and client-side problems.
The most common causes of the “SSL handshake failed” error are:
- Your local device has the wrong date or time
- The browser does not support the latest SSL protocol
- Your SSL certificate is not valid
- There is a problem with your SNI (Server Name Identification) configuration
- There is a problem with your Content Delivery Network (CDN), such as Cloudflare
This list includes two local issues, two that are related to your website’s server and one that is specific to a third-party service. In the following sections, we’ll look at how to fix each of these issues.
How to fix the “SSL Handshake Failed” error (5 ways)
We’ll start by showing you how to fix the client-side issues that can cause the “SSL handshake failed” error. These solutions are quite simple. However, if they don’t work, we’ll move on to more technical solutions that you can try.
1. Update the date and time on your local device
When your browser attempts to establish an SSL handshake, it checks the certificate against the date and time of your computer. It does this to verify that the SSL certificate is still valid.
If your local device’s date and time are off, this can cause errors in the verification process (i.e., there is no handshake). Fortunately, there is a simple solution to this problem.
On a Windows device, open the Start menu and type Date & Time settings. Select the option that appears and a new window will open. Enable the Set time automatically setting and make sure your time zone is correct:
Check that your date is now correct, then try reloading the website.
Here is how to correct the date and time on other operating systems (OS):
If correcting the date and time on your local device does not work, you can move on to the next correction.
2. Make sure your browser supports the latest TLS protocol
In some cases, the “SSL handshake failed” error is due to browser problems. The most common problem is that your browser does not support the Transport Layer Security (TLS) protocol used by your certificate.
Simply put, SSL and TLS are both authentication protocols, and your certificate can use either one. Modern browsers support both protocols, but older versions may not.
The easiest way to determine if your browser is the cause of the problem is to use a different browser. If the “SSL handshake failed” error does not appear in other browsers, the problem may be in the original browser.
To solve this problem in Windows, open the Start menu and type Internet Options. Select the option that appears and go to the Advanced tab . Scroll down the list of settings until you find the options for SSL and TLS settings:
Ideally, you should uncheck the box for SSL 3 and 2 (if you see these options). You should only check the boxes for TLS 1, 1.1 and 1.2.
Then save the changes in your Internet options and try to access the website again. Note that if you are using macOS or iOS, TLS 1.2 should be enabled by default.
3. Make sure your SSL certificate is valid
SSL certificates have expiration dates. This is a built-in feature that requires you to renew the certificate at some point and validate your domain ownership.
If your SSL certificate expires, your browser will not be able to establish a handshake. Depending on your SSL certificate provider, you will likely receive notifications well before the certificate expires so you can renew it.
Nevertheless, it’s worth checking if you’re unsure of your certificate’s expiration date. To do this, you can use a tool such as SSL Server Test :
This service will return a lot of information about your website’s SSL certificate. If the certificate has expired, you will see when its validity expired:
In this case, you will need to re-issue and install the SSL certificate on your website. Depending on your hosting company, they may be able to help you with this.
4. Check the Server Name Identification (SNI) configuration of your server
If you are using a shared server to host your website, you may experience problems with multiple SSL certificates. Hosting companies use proper Server Name Identification (SNI) configuration to ensure that when visitors try to access your site, they get the correct SSL certificate (and not one from another property).
Generally speaking, most reputable web hosts have no problems with SNI configuration. Also, if you are not using a shared server, you can skip to the next fix.
If you want to be 100% sure that your web host has no problems with SNI configuration, you can contact their support for help. On a shared server, you will not be able to access this configuration directly. If this proves to be the problem, you may want to consider switching to a more robust hosting plan.
5. Pause Cloudflare to test your SSL certificate
If you are using Cloudflare, the “SSL handshake failed” error may be due to a problem connecting to your website. The easiest way to test it is to temporarily disable it.
Fortunately, Cloudflare offers a “pause” feature that you can use to disable the service at any time. Once this is done, we recommend clearing your browser’s cache before trying to access your website again.
If the SSL contact error has disappeared, you can contact Cloudflare to determine the nature of the problem. While you wait for a response, disable the CDN so that other users can access your website as well. On the other hand, if the SSL error persists, it is probably due to a configuration error on your server (see above).
Conclusion
The “SSL handshake failed” error is relatively easy to fix, as long as you know its potential causes. The error may be due to a problem with your local device settings, your server configuration or your CDN.
Here is what you need to do to fix the “SSL handshake failed” error:
- Update the date and time on your local device.
- Make sure your browser supports the latest TLS protocol.
- Make sure your SSL certificate is valid.
- Check your server’s SNI configuration.
- Pause Cloudflare to test your SSL certificate.
Have questions about how to fix the “SSL handshake failed” error? Let’s talk about it in the comments section below!
Featured Image via vladwel / shutterstock.com
