When toggling the "Use SSL" or "Do Not Use SSL" setting on the AD Endpoint the modify request also needs to include the password for the AD Endpoint's Proxy ID. If this setting is getting toggled your Provisioning Server's etatrans log (set to level=7) would show the following where the eTADSUseSSL attribute would be set to value 0 (Do Not Use SSL) or value 1 (Use SSL).
20180323:094512:TID=001f88:Modify :E982:----:S: External Modify (eTADSDirectoryName=MyEndpoint) Requested by User imadmin
20180323:094512:TID=001f88:Modify :E982:----:P: dn: eTADSDirectoryName=MyEndpoint,eTNamespaceName=ActiveDirectory,dc=im
20180323:094512:TID=001f88:Modify :E982:----:P: eTADSAuthPWD: ** NOT SHOWN ** [REPLACE]
20180323:094512:TID=001f88:Modify :E982:----:P: eTADSUseSSL: 0 [REPLACE]
If further assistance is needed you may be best with opening a support case.