Share via

ERR_SSL_PROTOCOL_ERROR After Configuring Custom Domain in Azure

Luis 156 Reputation points
2025-05-10T19:34:17.0333333+00:00

Hello,

I recently published an ASP.NET WebForms application to Azure. After purchasing a domain from Ionos, I uploaded their free SSL certificate to the app's custom domain in Azure. However, I'm intermittently encountering the ERR_SSL_PROTOCOL_ERROR in multiple browsers when accessing the application via the custom domain. The issue does not occur when using MyAppName.azurewebsites.net..

The application is configured to use TLS 1.3. I've tried flushing DNS, which sometimes helps, but the issue persists frequently enough to be a concern.

I’d appreciate any insights or suggestions on what else to check.

Thank you, Luis

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,776 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Suwarna S Kale 2,906 Reputation points
    2025-05-11T02:16:40.4666667+00:00

    Hello Luis,

    Thank you for posting your question in the Microsoft Q&A forum. 

    The intermittent ERR_SSL_PROTOCOL_ERROR with your custom domain (while the default azurewebsites.net URL works) suggests a misconfiguration between your Ionos SSL certificate and Azure’s TLS handling. First, verify that the certificate was correctly bound to the custom domain in Azure App Service’s TLS/SSL settings, and ensure it hasn’t expired or been revoked. Cross-check that the certificate’s Subject Alternative Name (SAN) includes your custom domain, as mismatches trigger protocol errors. 

    Next, confirm Azure’s TLS/SSL version support: While TLS 1.3 is enabled, some older Ionos certificates or browser configurations may conflict. Temporarily test with TLS 1.2 in Azure’s configuration to rule out compatibility issues. Additionally, inspect the SSL certificate chain missing intermediate certificates can cause intermittent failures. Use tools like SSL Labs’ SSL Test to diagnose chain completeness. 

    If the issue persists, re-upload the certificate in PEM format (including private key and intermediates) and ensure the custom domain’s CNAME record points precisely to MyAppName.azurewebsites.net without redirects. Finally, review Azure’s diagnostic logs for SSL handshake failures or consider replacing the Ionos certificate with Azure App Service Managed Certificates for seamless integration. 

    If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. Your contribution to the Microsoft Q&A community is highly appreciated. 

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.