How do I resolve “ERR_SSL_PROTOCOL_ERROR” and "The request could not be satisfied" errors in CloudFront?

3 minute read
0

I'm using an Amazon CloudFront distribution to serve content. However, viewers receive one of the following errors when they try to access the content through a web browser: "ERR_SSL_PROTOCOL_ERROR" or "The request could not be satisfied". Why is this happening, and how do I resolve the issue?

Short description

CloudFront can return "ERR_SSL_PROTOCOL_ERROR" and "The request could not be satisfied" errors for two reasons:

  • The CloudFront distribution's alternate domain name is incorrect or has an empty value.
  • (For HTTPS only) The CloudFront distribution's security policy doesn't support the SSL/TLS protocol that's used by the web browser.

To resolve the issue, first verify that your distribution's alternate domain name is configured correctly. Then, review your distribution's security policy to confirm that the policy supports the SSL/TLS protocols used by your viewers' web browsers.

Resolution

Verify that the distribution's alternate domain name is configured correctly

1.    Open the CloudFront console.

2.    In the left navigation pane, choose Distributions. The Distributions page opens.

3.    In the ID column, Choose the ID of the distribution that's returning the error.

4.    In the Settings section, review the Alternate domain names value. Make sure that the value listed matches domain name that you want to use for your distribution's alternate domain name.

5.    If the Alternate domain names value is incorrect, update your distribution's alternate domain name. For instructions, see Adding an alternate domain name in the CloudFront Developer Guide.

Note: If the errors persist and your serving content over HTTPS, make sure that you also review the distribution's security policy.

(For HTTPS only) Review the distribution's security policy to confirm that the policy supports the SSL/TLS protocols used by your viewers' web browsers

1.    Open the CloudFront console.

2.    In the left navigation pane, choose Distributions. The Distributions page opens.

3.    In the ID column, choose the ID of the distribution that's returning the error.

4.    In the Settings section, review the Security policy value. Make sure that policy that's listed supports the SSL/TLS protocols used by your viewers' web browsers. For more information, see Supported protocols and ciphers between viewers and CloudFront.

5.    If the distribution's security policy doesn't support the SSL/TLS protocols used by your viewers' web browsers, then update your distribution's security policy. For instructions, see Updating a distribution in the CloudFront Developer Guide.


Related information

Configuring alternate domain names and HTTPS

AWS OFFICIAL
AWS OFFICIALUpdated 2 years ago