How to fix this site can’t provide a secure connection

Question

I tried to visit https://archiveofourown.org/ on Google but was met with this error. I can access other sites without issue, and have done things such as

1. Checking and restarting my device's date & time
2. Clearing my browser's cache/cookies
3. Disabling QUIC protocol
4. Disabling my antivirus, firewall, and extensions
5. Restarting my router

What do I do now?

Answer 1

Looks like the issue is on their end.

Their site is now down.

It tells users to get status update from here: https://www.otwstatus.org/

Answer 2

Since other sites work and common fixes are already tried, focus on TLS/SSL and Edge-specific settings on Windows 11.

1. Test in Microsoft Edge
   • Open Edge and try the same site.
   • If Edge shows a certificate or TLS error while other HTTPS sites work, the issue is likely with how Edge/Windows negotiates TLS with that specific site.
2. Check for very old or weak certificates
   • Some sites still use weak keys or outdated ciphers. Windows and modern browsers can block these.
   • If the site uses an RSA certificate with a key length under 1024 bits, Windows updates (KB2661254 and related changes) will block the connection. In that case, only the site owner can fix it by installing a compliant certificate.
3. Verify the site’s certificate trust chain on Windows
   • In Edge, open the site and view the certificate details (if possible) to see if there is an error like CERT_E_UNTRUSTEDROOT (0x800b0109).
   • On Windows 11, open mmc.exe as administrator → File → Add/Remove Snap-in → Certificates → Computer account → Local computer.
   • Expand Trusted Root Certification Authorities → Certificates and confirm that the issuing root CA for the site is present.
   • If the root CA is missing, import the correct root certificate into Trusted Root Certification Authorities on the local computer.
   • Also ensure there are no non–self-signed certificates incorrectly placed in Trusted Root Certification Authorities; move any such certificates to Intermediate Certification Authorities.
4. Check TLS protocol support on the client
   • If the browser is configured to use only newer TLS versions (for example, TLS 1.1 and TLS 1.2) and the site only supports older ones (for example, TLS 1.0), the handshake fails and the browser reports that a secure connection cannot be provided.
   • On Windows, TLS support is controlled under: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL\\Protocols
   • For each protocol (TLS 1.0, 1.1, 1.2, etc.), check the Enabled DWORD. A value of 1 means enabled; 0 means disabled.
   • If only very new protocols are enabled and the site is older, enabling the matching TLS version may allow the connection. (Changes here affect system-wide security; only adjust if comfortable and aware of the risk.)
5. Check for RC4/SSL3 or legacy cipher dependencies
   • Some legacy sites still depend on RC4 or SSL 3.0. Modern Edge/Windows disable these by default.
   • RC4 is no longer supported in Edge/IE 11. It can be re-enabled only by turning on SSL 3.0, which is strongly discouraged because of security risks.
   • If absolutely necessary for a legacy site and only as a temporary test, SSL 3.0 can be enabled in Internet Options:
     • Open Internet Explorer (or Internet Options via Control Panel) → Internet Options → Advanced → Settings → Security → enable Use SSL 3.0.
   • If enabling SSL 3.0 allows the site to load, the site is using obsolete, insecure protocols and should be considered unsafe; the long-term fix must come from the site owner.
6. Check Edge experimental TLS flags
   • In some cases, experimental TLS features in Edge can cause compatibility issues with certain sites.
   • In Edge, go to edge:flags, search for TLS, and temporarily disable features such as 1.3 Post-Quantum Key Agreement.
   • Restart Edge and test the site again. If it loads, the issue is a compatibility problem between that experimental feature and the site’s TLS stack.
7. If the problem persists
   • If other HTTPS sites work, and this one site consistently fails even after these checks, the most likely cause is that the site’s certificate, cipher suite, or protocol configuration is incompatible with current Windows/Edge security requirements.
   • In that case, only the site administrator can fully resolve the issue by updating the server certificate (sufficient key length, trusted CA) and enabling modern TLS versions and ciphers.

---

References:

• Web browsers can't connect to a website by using SSL with KB2661254 installed
• Troubleshooting SSL related issues (Server Certificate)
• HTTP Error 403.16 when you try to access a website that's hosted on IIS
• RC4 cipher is no longer supported in Internet Explorer 11 or Microsoft Edge
• My edge is blocking literally almost all sites or address I want to visit. - Microsoft Q&A