---
id: 82d410a0-4d87-4905-b054-a1fe45c93eea
type: solution
title: "Brave ERR_SSL_UNRECOGNIZED_NAME fix for local reverse proxy with Cloudflare DNS"
tags: [brave, chrome, ssl, ech, cloudflare, pihole, npm, networking, fix]
importance: 0.8
confidence: 0.8
created: "2026-02-08T04:44:36.127352+00:00"
updated: "2026-02-08T04:44:36.127352+00:00"
---

Chromium-based browsers (Brave, Chrome, Edge) fail with ERR_SSL_UNRECOGNIZED_NAME when accessing domains routed to a local reverse proxy (NPM, Nginx Proxy Manager) if Cloudflare publishes ECH keys in the HTTPS DNS record (TYPE65). The browser attempts Encrypted Client Hello (ECH), but the local NPM instance does not support it.

Fix: create a Chromium enterprise policy at `/etc/brave/policies/managed/disable-ech.json` with the content `{"EncryptedClientHelloEnabled": false}`.

Pi-hole FTL v6 does NOT honor `local=` or `dns-rr` directives for TYPE65 records, so DNS-level blocking is not viable. Firefox is unaffected because it handles ECH fallback gracefully.
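
The fix above as a script, together with a check of whether a domain's HTTPS (TYPE65) record currently carries ECH keys. This is an added example, not part of the original note: the function names are hypothetical and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original note). Function names are illustrative.

POLICY_DIR=/etc/brave/policies/managed   # path given in the note
POLICY_FILE=disable-ech.json

# Write the managed policy into $1 (defaults to POLICY_DIR; needs root there).
write_policy() {
    dir=${1:-$POLICY_DIR}
    mkdir -p "$dir" || return 1
    printf '{"EncryptedClientHelloEnabled": false}\n' > "$dir/$POLICY_FILE" || return 1
    chmod 644 "$dir/$POLICY_FILE"
}

# Succeed only if the policy file exists and is not group- or world-writable;
# a writable managed-policy file lets any local user set browser policy.
policy_perms_ok() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ]
}

# Classify a TYPE65 answer (as printed by `dig +short`) read from stdin:
#   ech      an ech= SvcParam is published
#   no-ech   HTTPS record without ECH keys
#   unknown  RFC 3597 generic output (\# <len> <hex>), not decoded by this dig
#   none     empty answer
classify_https_answer() {
    answer=$(cat)
    case "$answer" in
        '')          echo none ;;
        '\#'*)       echo unknown ;;
        *" ech="*)   echo ech ;;
        *)           echo no-ech ;;
    esac
}

# Usage: script deploy | script check <domain>
case "${1:-}" in
    deploy) write_policy && policy_perms_ok "$POLICY_DIR/$POLICY_FILE" ;;
    check)  dig +short "$2" TYPE65 | classify_https_answer ;;
esac
```

After `deploy`, restart the browser and confirm that `EncryptedClientHelloEnabled` is listed on Chromium's `chrome://policy` page (`brave://policy` in Brave).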