// ERR_NGROK_4002

ngrok ERR_NGROK_4002 — TLS not supported on this domain: how to fix

ERR_NGROK_4002 means a client tried to negotiate TLS against an ngrok endpoint that hasn't been configured to terminate it. Common when serving a custom domain or a TCP tunnel that doesn't speak TLS.

What it means

ngrok's edge requires explicit TLS configuration per endpoint. Hitting an HTTP-only endpoint with HTTPS, or a raw TCP tunnel with TLS, returns 4002.

Common causes

  • Custom domain configured for an HTTP-only ngrok endpoint, but clients reach it over https://.
  • TLS pass-through enabled on the agent without a certificate ngrok can serve.
  • Stale CNAME pointing at a deleted ngrok endpoint.

How to fix it on ngrok

  1. Confirm the endpoint is configured for HTTPS

    ngrok dashboard → Domains → check the endpoint type. Switch to HTTPS or add TLS pass-through.

  2. Verify your DNS records

    If you're using a custom domain, the CNAME must point at the exact tunneled hostname.
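
The DNS check in step 2 can be scripted. This is an added example, not ngrok's or lrok's own tooling: it compares the CNAME that `dig` returns against the hostname you expect (taken from your dashboard) and then tests whether a TLS handshake completes on port 443. The function names and any hostnames you pass in are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify a custom domain's CNAME and TLS handshake.
# Hostnames passed to it are the caller's own values; none come from the page.

# Lowercase a hostname and strip the trailing root dot that dig prints.
normalize_host() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Return 0 only if the observed CNAME target equals the expected one exactly.
cname_matches() {
  local observed expected
  observed=$(normalize_host "$1")
  expected=$(normalize_host "$2")
  [ -n "$observed" ] && [ "$observed" = "$expected" ]
}

# Classify a CNAME lookup result as ok, missing, or mismatch.
classify_cname() {
  if [ -z "$1" ]; then echo missing
  elif cname_matches "$1" "$2"; then echo ok
  else echo mismatch
  fi
}

# Live check: needs dig, openssl, and network access.
check_domain() {
  local domain=$1 expected=$2 observed
  observed=$(dig +short CNAME "$domain" | head -n 1)
  echo "CNAME: $(classify_cname "$observed" "$expected") (${observed:-none})"
  # A plain-HTTP or raw TCP endpoint will not complete this handshake.
  if openssl s_client -connect "$domain:443" -servername "$domain" \
       </dev/null >/dev/null 2>&1; then
    echo "TLS: handshake completed"
  else
    echo "TLS: handshake failed"
  fi
}

# Usage: ./check.sh <custom-domain> <expected-cname-target>
if [ "$#" -ge 2 ]; then check_domain "$1" "$2"; fi
```

A `mismatch` or `missing` result points at the DNS record; a matching CNAME with a failed handshake points at the endpoint type from step 1.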

// the same workflow on lrok

lrok terminates real Let's Encrypt TLS at the edge for both *.lrok.io and any verified custom domain — automatically, no per-endpoint TLS config. There's no 'TLS not supported' state in the lrok product.

  1. Reserve + tunnel

    $ lrok reserve mysite
    $ lrok http 3000 --hint mysite
  2. For a custom domain

    lrok.io/dashboard/domains → Add domain → DNS verify (TXT + CNAME). Cert auto-issued in ~90s.
