I'm using an Amazon CloudFront distribution to serve content. However, viewers receive one of the following errors when they try to access the content through a web browser: "ERR_SSL_PROTOCOL_ERROR" or "The request could not be satisfied".
Short description
CloudFront can return "ERR_SSL_PROTOCOL_ERROR" and "The request could not be satisfied" errors for two reasons:
- The CloudFront distribution's alternate domain name is incorrect or has an empty value.
- (For HTTPS only) The CloudFront distribution's security policy doesn't support the SSL/TLS protocol that's used by the web browser.
To resolve the issue, first verify that your distribution's alternate domain name is configured correctly. Then, review your distribution's security policy to confirm that the policy supports the SSL/TLS protocols used by your viewers' web browsers.
Resolution
Verify that the distribution's alternate domain name is configured correctly
- Open the CloudFront console.
- In the left navigation pane, choose Distributions. The Distributions page opens.
- In the ID column, Choose the ID of the distribution that's returning the error.
- In the Settings section, review the Alternate domain names value. Make sure that the value listed matches domain name that you want to use for your distribution's alternate domain name.
- If the Alternate domain names value is incorrect, then update your distribution's alternate domain name. For instructions, see Use custom URLs by adding alternate domain names (CNAMEs).
Note: If the errors persist and your serving content over HTTPS, make sure that you also review the distribution's security policy.
(For HTTPS only) Review the distribution's security policy to confirm that the policy supports the SSL/TLS protocols used by your viewers' web browsers
- Open the CloudFront console.
- In the left navigation pane, choose Distributions. The Distributions page opens.
- In the ID column, choose the ID of the distribution that's returning the error.
- In the Settings section, review the Security policy value. Make sure that policy that's listed supports the SSL/TLS protocols used by your viewers' web browsers. For more information, see Supported protocols and ciphers between viewers and CloudFront.
- If the distribution's security policy doesn't support the SSL/TLS protocols used by your viewers' web browsers, then update your distribution's security policy. For instructions, see Update a distribution in the CloudFront Developer Guide.
Related information
Configure alternate domain names and HTTPS