ERR_SSL_PROTOCOL_ERROR when accessing n8n through Traefik reverse proxy

Bathala · January 28, 2025, 7:04pm

Hello n8n community,

I’m encountering an SSL issue while trying to access my n8n instance through a Traefik reverse proxy. When I attempt to load https://n8n.jmcruz.me in my browser, I receive the following error:"This site can’t provide a secure connection
n8n.jmcruz.me sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

My setup:

n8n and Traefik running in Docker containers
PostgreSQL as the database (in a separate container)
Ubuntu VPS
Domain: n8n.jmcruz.me

I’ve configured Traefik to use Let’s Encrypt for SSL certificates. Here’s my docker-compose.yml file:

version: '3'

services:
  traefik:
    image: "traefik"
    restart: always
    command:
      - "--api=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
      - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.$
      # ... other options ...
       - "--serversTransport.forwardingTimeouts.dialTimeout=30s"
      - "--serversTransport.forwardingTimeouts.responseHeaderTimeout=30s"
      - "--log.level=DEBUG"
      - "--accesslog=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /n8n/letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro



  n8n:
    image: n8nio/n8n
    container_name: n8n
    restart: always
    ports:
      - "5678:5678"
    environment:
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_HOST=n8n-postgres
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_USER=n8n
      - DB_POSTGRESDB_PASSWORD=n8npassword
      - NODE_ENV=production
      - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
      - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
      - N8N_LOG_LEVEL=debug
    volumes:
      - ~/n8n-data:/home/node/.n8n
    networks:
      - n8n-network
    labels:
      - traefik.enable=true
      - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
      - traefik.http.routers.n8n.tls=true
      - traefik.http.routers.n8n.entrypoints=web,websecure
      - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
      - traefik.http.middlewares.n8n.headers.SSLRedirect=true
      - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
      - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
      - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
      - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
      - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
      - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.n8n.headers.STSPreload=true
      - traefik.http.routers.n8n.middlewares=n8n@docker

networks:
  n8n-network:
    external: true

volumes:
  traefik_data:

I’ve tried the following troubleshooting steps:

Set Traefik log level to DEBUG
Set n8n log level to debug
Ensured ports 80 and 443 are open
Checked DNS configuration for n8n.jmcruz.me
Restarted containers multiple times

Despite these efforts, I’m still unable to access the n8n editor due to the SSL error. Traefik logs don’t show any obvious errors related to certificate acquisition.Can anyone help identify what might be causing this SSL issue or suggest additional troubleshooting steps? Any assistance would be greatly appreciated.

Thank you in advance for your help!

Note:

I have a working n8n server before, been using it for a month without problem before I decided to switch to PostgreSQL and that’s when all this problem occurred. I followed the instruction here: n8n - Docker Compose Installation

I’m still trying to figure things out regarding running a server, so I apologize if this comes across as a beginner’s question. I’ve been attempting to solve this problem for the past two days with the help of this forum and AI, but I’m starting to feel overwhelmed and ready to give up.

n8n · January 28, 2025, 7:04pm

It looks like your topic is missing some important information. Could you provide the following if applicable.

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

Imran_Khan1 · April 14, 2025, 6:54am

I am facing the same issue on Contabo VPS

john_wilson_r55 · May 14, 2025, 10:56pm

I’m having the exact same issue as @Bathala Does anyone have an answer for this?

n8n version: whatever this docker image uses - docker.n8n.io/n8nio/n8n
Database: SQLite
n8n EXECUTIONS_PROCESS setting: whatever the default is
Running n8n via: Docker
Operating system: Ubuntu 24.04

I followed the same instructions that Bathala did here n8n - Docker Compose Installation

john_wilson_r55 · May 14, 2025, 11:07pm

Just figured out the problem, sort of. The DNS record is managed in Cloudflare and the record was set to “Proxied”, so I turned that off to set it to “DNS only”. And I can now get to the n8n site. But now it says the certificate (created by traefik) is not valid.
Screenshot 2025-05-14 at 6.05.36 PM

King_Samuel_David · May 14, 2025, 11:17pm

You could use a clouflare tunnel,

This way its quite secure too, and all this is handled. When in cloud flare too, you should force SSL for that domain. no need for trafik if your domain is at cloudflare.

Geoffrey_T · May 15, 2025, 10:48am

Your certificate is for a different domain, so it’s not covered by your certificate. You’ve misconfigured something in your instance of Traefik. I had a similar issue with Nginx proxy manager - and it was as simple as using the wrong email email address for the DNS challenge.

john_wilson_r55 · May 15, 2025, 2:20pm

Turns out, it ended up just working after reloading after a min or so.

aldivna · June 13, 2025, 6:25am

The error ERR_SSL_PROTOCOL_ERROR that you are facing on rann8n instance through a Traefik reverse proxy . It is an issue with SSL protocol that generates an encrypted connection between a website’s browser and the server. It is also known as This site can’t provide a secure connection error or [Your connection is not private] . It occurs when a website has SSL certificate issues or problems with the HTTPS protocol.

As, I have been faced by this error and Waited a bit and refreshed, and it just started working—seems like Traefik needed a moment to reload the certs or routes. Even, I found the helpful resource article in detail for the error solution.

Glad it wasn’t something bigger! Hope it helps!