SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client:

A few months ago I started getting complaints from dozens of users about getting errors when connecting to my site. When I look into the error.log of nginx I see daily SSL errors:

I have no idea what could cause this issue since 99% of users are getting through and I can't seem to replicate it myself. One user said that switching to a VPN fixed the issue for him. Other posts on stackoverflow suggested that this occurs with malicious requests from the same ip but that is not the case here.

Does anyone know a fix to this?

(I have not made any changes to this server/config in months.)

The webserver is running on Ubuntu 20.10

Nginx error.log

2022/04/16 04:40:19 [crit] 809329#809329: *13542487 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 04:40:32 [crit] 809329#809329: *13542919 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 38.132.118.76, server: 0.0.0.0:443
2022/04/16 04:58:54 [crit] 809329#809329: *13564742 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443
2022/04/16 05:10:29 [crit] 809329#809329: *13578753 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 05:59:32 [crit] 809329#809329: *13638601 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 178.73.215.171, server: 0.0.0.0:443
2022/04/16 07:16:27 [crit] 809330#809330: *13730741 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 65.49.20.67, server: 0.0.0.0:443
2022/04/16 07:18:19 [crit] 809330#809330: *13733448 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.223.231, server: 0.0.0.0:443
2022/04/16 09:51:15 [crit] 809330#809330: *13937194 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443

Nginx config

server {
    server_name api.rekonise.com www.api.rekonise.com;

    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.rekonise.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.rekonise.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.api.rekonise.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = api.rekonise.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name api.rekonise.com www.api.rekonise.com;

    return 404; # managed by Certbot
}