Suddenly all new Virtual Servers get “This site can’t provide a secure connection” ERR_SSL_PROTOCOL_ERROR

SYSTEM INFORMATION
OS type and version Almalinux 8
Webmin version 2.510
Virtualmin version 7.40.1.pro
Webserver version Apache 2.4.37

This has been happening recently.
All the new virtual servers I created, after successfully requesting a Let’s Encrypt SSL cert:
1/ Preview website works fine
2/ OpenSSL works fine loading the new cert too
3/ Access via browser always results in:
This site can’t provide a secure connection
ERR_SSL_PROTOCOL_ERROR

Only TLS 1.2 and 1.3 are checked.

This also happens for disabled sites that have an expired SSL cert: after being enabled and successfully requesting a Let’s Encrypt SSL cert, the browser still detects the old expiring cert.

I already checked the Apache VirtualHost config; it already has the correct path to the new cert.

Are any of you guys experiencing the same problem? Any solution?

Yes, check the topics of the last few days in the forum.

Can you help me with which topics?
I have been searching all night long, but didn’t find any clue.

maybe this :

I have tried to add the ip6:443 on the VirtualHost

<VirtualHost xxx.245.117.82:80 [xxxx:4f8:c013:5b49::1]:80>
<VirtualHost xxx.245.117.82:443 [xxxx:4f8:c013:5b49::1]:443>

and restart httpd

but still have :
This site can’t provide a secure connection
ERR_SSL_PROTOCOL_ERROR

don’t know, maybe almalinux 8 doesn’t support tlsv1.3? (or your browser, if it’s very old?)
you could try with older protocols. tlsv1 + tlsv1.1, see if that works.
if not, maybe something’s wrong in web config/cert/other. (can’t make guesses without details like logs/configs.)

Apache Error Log:

[Fri Oct 10 12:27:07.381106 2025] [ssl:warn] [pid 678680:tid 140103480002880] AH01906: domain:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

VirtualHost Config:
<VirtualHost ip4:443 [ip6]:443>
ServerName domain
ServerAlias www.domain
ServerAlias mail.domain
DocumentRoot /home/domain/public_html
ErrorLog /var/log/virtualmin/domain_error_log
CustomLog /var/log/virtualmin/domain_access_log combined
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/paketb/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Require all granted

<Directory /home/paketb/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
SetHandler proxy:unix:/var/fcgiwrap/17600740033051500.sock/socket|fcgi://localhost
ProxyFCGIBackendType GENERIC

Protocols h2 h2c http/1.1
ProxyPass /.well-known !
<FilesMatch .php$>
SetHandler proxy:unix:/run/php-fpm/17600740033051500.sock|fcgi://127.0.0.1

ScriptAlias /cgi-bin/ /home/domain/cgi-bin/
ScriptAlias /awstats /home/domain/cgi-bin/awstats.pl
RemoveHandler .php
RemoveHandler .php7.2
RemoveHandler .php7.4
RemoveHandler .php8.0
RemoveHandler .php8.1
RemoveHandler .php8.2
RemoveHandler .php8.3
RemoveHandler .php8.4
SSLEngine on
SSLCertificateFile /etc/ssl/virtualmin/17600740033051500/ssl.cert
SSLCertificateKeyFile /etc/ssl/virtualmin/17600740033051500/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
RedirectMatch ^/awstats$ /awstats/

AuthName "paketb.nectarweb.co.id statistics"
AuthType Basic
AuthUserFile /home/paketb/.awstats-htpasswd
require valid-user

SSLCACertificateFile /etc/ssl/virtualmin/17600740033051500/ssl.ca

KeepAlive on

==
The config of the virtualhost is identical to the other virtual servers that were made before. But only this domain and other new domains created recently have problems.

I already checked the SSL cert file manually, and it’s correct,
and of course I use the latest Chrome and Firefox

I get a valid certificate for this domain

yes, me too.
try again in a new private tab. or clear caches/site data from the browser.

On the down checker, it’s down.

Weirdly, when I use mobile phone data 5G, I can access it well.

Using other connections, it results in ERR_SSL_PROTOCOL_ERROR
I already used a clean browser to access it too.

I think the problem is that, the SSL is not loaded on the IP4

You are using cloudflare on this domain, I don’t use cloudflare but maybe there is a setting there that needs to be adjusted?

All of my other domains are also using cloudflare.

And working fine, I didn’t change the “default” free plan settings on the CloudFlare.

testssl says no certificate is used.. so if virtualmin/server is ok, i’d guess cloudflare is blocking traffic (or linode?) .
good luck.

I cannot get nectarweb.co.id to resolve, it’s slightly unusual for a sub domain to resolve and not its parent, not saying this has any bearing on the problem, just odd.
I have now tried 4 different browsers (including samsung phone browser) and the site always returns a valid ssl certificate so I have no idea what your problem is

I have contacted linode support too, this is their answer:

Hello,

From my end when accessing the site it loads fine and shows that the SSL certificate is valid and expires January 6th 2026. When running a curl against the domain it also shows that there is a valid SSL although the IP address referenced is associated with 172.104.32.216:

It appears that the domain is connecting over ipv6 which does provide the proper TLS connection although it looks like SSL over IPv4 causes issues which may explain the inconsistency.

To fix this issue you will want to ensure the SSL/TLS certificate installed for IPv4 has the same one as the IPv6 host.

Please let us know if you have any further questions so that we may provide additional assistance.

================

Yeah it seems that all of your connections are using Ip6, ip6 can load the correct SSL.

I don’t know why and how to fix the ip4
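The IPv4/IPv6 split that Linode support describes can be checked directly by handshaking once per address family and comparing the leaf certificate each one serves. This is an added example, not part of the thread; the function names `probe` and `diagnose` are hypothetical, and the hostname is supplied on the command line.

```python
import hashlib
import socket
import ssl

def probe(host, family, port=443, timeout=5.0):
    """Handshake with host over one address family.
    Returns (ip, sha256 of the served leaf cert) or (ip, "error: ...")."""
    try:
        ip = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return None, f"error: no address ({exc})"
    ctx = ssl.create_default_context()
    # Verification is off on purpose: this is a diagnostic that must report
    # whatever certificate is served, including an expired or wrong one.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            # server_hostname sends SNI, so Apache picks the same vhost a browser would
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
                return ip, hashlib.sha256(der).hexdigest()
    except OSError as exc:  # covers ssl.SSLError, refused connections, timeouts
        return ip, f"error: {exc}"

def diagnose(v4, v6):
    """Classify two probe() results (IPv4 first, IPv6 second)."""
    ok4 = not v4[1].startswith("error")
    ok6 = not v6[1].startswith("error")
    if ok4 and ok6:
        if v4[1] == v6[1]:
            return "same certificate on IPv4 and IPv6"
        return "different certificates on IPv4 and IPv6"
    if ok6:
        return "IPv4 handshake fails, IPv6 serves a certificate"
    if ok4:
        return "IPv6 handshake fails, IPv4 serves a certificate"
    return "handshake fails on both families"

if __name__ == "__main__":
    import sys
    host = sys.argv[1]
    v4, v6 = probe(host, socket.AF_INET), probe(host, socket.AF_INET6)
    print("IPv4", *v4)
    print("IPv6", *v6)
    print(diagnose(v4, v6))
```

A result of "IPv4 handshake fails" or "different certificates" points at the listener or vhost bound to the IPv4 address on port 443 rather than at the certificate files.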

probably dns (= cloudflare)

Cloudflare just does that, nothing much.

I don’t understand why the ip4 is loading no certificate while ip6 is.

clutching at straws here


if you navigate to https://172-104-32-216.ip.linodeusercontent.com/ you get the error (this is the arrowed address Qualys displays for the hostname) your IPV6 test does not show this address.
but on a working server I see

I’m unsure if this has a bearing on your issue