An SSL certificate is crucial to your website’s safety and establishing trust with your audience over the internet. This also means that browsers can present your website as unsafe if your SSL certificate fails or expires.
In this article, we’re talking about the “SSL_error_handshake_failure_alert” error, its causes and what you can do to fix the problem.
What causes this error?
The error is mainly caused by the SSL handshake between the browser and the website failing to authenticate. Other common causes include:
- Misconfigured browser configuration settings.
- Corrupt browser cache or data.
- Invalid SSL certificate.
Also read: How to fix SSL_Error_No_Cypher_Overlap?
How to fix this?
Here are 12 fixes you can try out.
Restart your router
Power cycling your network equipment is the fix to more issues than you think. More often than not, connectivity issues can be caused by an underlying bug in your router and can be fixed by rebooting.
Get a reliable SSL certificate
If you’re getting your certificates from a not-so-popular issuing authority, chances are your SSL certificate is at fault. We recommend using LetsEncrypt or ZeroSSL to get SSL certificates that don’t cause such problems.
Remove any third-party firewalls
If you’re using any other firewalls apart from the default Windows one, chances are it’s sending an RST to Firefox to terminate the attempted connection between the browser and the web server.
Try disabling or removing the firewall to check if the browser works without one. If it does, either remove the firewall or add an exception for Firefox in the firewall settings.
Updating your browser to the latest version available can also help resolve any security issues. To update Firefox, head to the Settings page, scroll down to the Firefox Updates section and check for any available updates.
If any updates are available, install them, restart the browser and try again.
Also read: How to fix SSL_error_internal_error_alert?
Update your TLS version
If your web server is using an older version of TLS, you need to upgrade your TLS/SSL library to support the latest standard. While your hosting provider should automatically implement this, in case, you see the error, updating the library manually shouldn’t be too much of a hassle.
You will need to contact your hosting provider for the exact steps.
Check SSL and TLS protocols
Firefox not enabling the SSL3 and TSL1 protocols by default can also cause this error as the browser would then not be able to recognise older certificates. Here’s how you can enable them,
Step 1: Open Firefox and type about:config in the URL bar. Once the page loads, type in tls in the search bar to bring up all TLS-related configurations.
Step 2: Look for any configurations in bold as they changed from their default values, and click the reset icon at the far right.
Step 3: Now repeat the process for SSL-related configurations by searching for ssl3 to bring up any configurations you might need to fix.
Once done, restart your browser, and you should be good to go.
Add the site to the insecure fallbacks list
If you trust the website you’re visiting to be secure; you can add its URL to the insecure fallbacks list, which tells Firefox not to look for an SSL certificate on a particular site. Here’s how.
Step 1: Open Firefox and type about:config in the URL bar. Once the page loads, type in security.tls.insecure_fallback_hosts in the search bar to bring up the list and click the edit icon in the far right.
Step 2: Enter the website’s URL and hit enter.
Restart Firefox and the error should be gone.
Bypass Firefox encryption protocols
Finally, you can bypass Firefox’s encryption protocols to get to the site you want. Do remember that it’s not recommended to do this as it’ll open you to risks from unknown and potentially malicious websites.
All you have to do is open Firefox and head to about:preferences#privacy. Once on the page, uncheck the Block dangerous and deceptive content setting under Security.
Clear your browser’s cache
Corrupt files in your browser’s cache can cause many problems, including this one. Here’s how you can clear out the cache in Firefox.
Step 1: Click on the hamburger menu icon in the top right and click Options.
Step 2: Head over to the Privacy & Security tab.
Step 3: Scroll down to Cookies and Site Data and click on the Clear Data… button.
Step 4: Check Cookies and Site Data as well as Cached Web Content and click on Clear.
Restart your browser and try accessing the site again. This should resolve the issue.
The error can also be caused by a faulty extension interfering with Firefox’s functionality. Head over to Firefox’s Addons page and disable any active extensions.
Once they’re all disabled, restart the browser and try connecting to the site again. If you can, enable extensions one at a time until you get the error again. The latest extension that you enabled here is causing the issue.
Use the Safe mode
In conjunction with the last solution, try restarting Firefox in safe mode with any add-ons disabled to see if you can access the site.
Step 1: Head over to Firefox and click the hamburger menu icon in the top right. Click on Help.
Step 2: Click on Troubleshoot mode.
Your browser will now restart in safe mode. Try accessing your site again. The issue should be fixed.
Delete existing certificates
Deleting existing saved certificates and then adding them again by visiting the site can also help fix the issue as it resets the certificate saved in the browser ensuring the latest version is being used.
Step 1: Open Firefox and head to about:preferences#privacy. Once on the page, click View Certificates… under Certificates.
Step 2: Find the problematic certificate, select it and click Delete or Distrust.
Also read: How to fix SSL_error_bad_cert_domain?