Hey guys, we spent the past 2 months working on a Webflow site and preparing to migrate our website https://respond.io/ from WordPress to Webflow and today was finally the release date. Sadly the release failed… miserably
As soon as we changed the DNS records, the site was no longer accessible. Regardless of how long we waited, or how many times we cleared cache. The error we received was: ERR_SSL_PROTOCOL_ERROR
These are the steps we followed to change the DNS settings:
In Webflow Project Settings we added the custom domain, and we selected the root domain (without WWW) as the default. Important: we want to use the root domain as the default as we already built a considerable SEO rank to that destination.
We went back to the Webflow Project Settings, verified both domains (both were confirmed to be verified) and re-published the site.
And nothing… just the error. We waited one hour and still wasn’t working. We tried the troubleshoot options described in the other forum posts: turning SSL on and off, clearing cache, republishing, changing the WWW default and then back to Root default. But still, nothing worked.
We decided to revert back the DNS to point to our Wordpress hosting until we can find a solution. Hope someone can help me identify the issue!
Hi @salandragk thank you for posting here to check your DNS settings as you were publishing your new website, it looks great!
It looks like the DNS records were still propagating, but they have now and your SSL Certificate was successfully issued. I’m seeing your website live on this side without any issues.
Can you please let me know if you’re still seeing the ERR_SSL_PROTOCOL_ERROR on that side? Thanks again!
The website that is currently live is our old WordPress site. We decided to revert back the DNS to point to our WordPress hosting until we can find a solution
After the DNS change, both (1) the CNAME for the “www” subdomain and (2) the A record for the root domain, are propagated instantaneously. So I am confident it’s not a propagation issue.
Hi @salandragk thank you so much for following up, I greatly appreciate it!
DNS records can take up to 48 hours to propagate globally, though it typically happens faster than that. The CNAME record on the root domain will instead return a set of dynamic A records when you perform a DNS look-up, so a DNS look-up won’t return that CNAME record on the root domain.
My recommendation would be to set your DNS records to point to Webflow as you had them before. Then publish your site without setting a default domain. Once your Webflow site is live then you should be able to set the default domain thereafter and republish the site to your custom domain.
Please let me know if this is helpful or if you have any additional questions.
I’m happy to help you further!
Together with Webflow’s support, we ruled out propagation as the reason for the site not loading. DNS Checkers have confirmed that in about 10 seconds from changing both A records for the root domain and Cname for www to be fully propagated (checks out, unless someone still uses DNS provider from the 90s, propagation rarely takes more than a couple of minutes).
Webflow’s support hypothesis is that it’s due to a rate limit on Let’s Encrypt. They suggested I wait 7 days and then try again.
I did some research, and I find that rather unlikely.
Based on the certificate logs here. Only 14 certificates have been created in the previous 7 days. Most on Sunday when we tried to do the initial DNS change, it failed, and we attempted the troubleshooting steps in the Webflow forums.
I am genuinely concerned about moving to Webflow now. We are a business that strongly relies on website traffic, and these downtimes are severely affecting our operations. We can’t wait 7 days and postpone all our marketing campaigns just to find out the issue was not the rate limit and have to start everything all over again.
You are correct in the 50 per week limit per domain, but they are also subject to a Duplicate Certificate limit of 5 per week. This is the limit that was met when trying to provision an SSL for your project.
Thanks for reaching out to our Customer Support Team about this as well. I will continue to work with you through your support request to get this resolved.
Thanks Drew, truly appreciate the time taken to explain the situation, this gives us peace of mind.
It is now clear to us what happened. During our first attempt to publish, multiple factors caused 5 separate certificates to be issued for the same domain, making us reach the Let’s Encrypt rate limit of 5 Duplicate Certificates per week.
I am glad to hear the issue has been identified and a fix has been released.
We will try to change the DNS again and publish our Webflow site once 7 days from the first attempt has passed. Crossing finger it all goes smooth this time.
The issue has been resolved. Waiting 7 days and trying again solved the issue for us.
For anyone reading this post in the future, if you are getting the error ERR_SSL_PROTOCOL_ERROR, use the following tool to diagnose if your domain has reached any Let’s Encrypt rate limit: letsdebug-toolkit
If the tool shows that your domain has reached any of the multiple rate limits imposed by Let’s Encrypt, you will have to wait 7 days and try again. Good luck!