1. 首页
  2. 问答
  3. Cloudflare SSL握手失败(错误525)

Cloudflare SSL握手失败(错误525)

2017-07-27 1983 views
0

我的网站(和主机)出现问题。 我正在为我的网站使用完整(严格)加密设置。我不知道为什么它自上个月以来遇到错误,网络正常工作。Cloudflare SSL握手失败(错误525)

的网站:mikatatravel.com

这里是调试

使用curl -sv -o命令:

curl -sv -o /dev/null https://mikatatravel.com/ --resolve mikatatravel.com:443:104.238.222.150 

* Added mikatatravel.com:443:104.238.222.150 to DNS cache 
* Hostname mikatatravel.com was found in DNS cache 
* Trying 104.238.222.150... 
* TCP_NODELAY set 
* Connected to mikatatravel.com (104.238.222.150) port 443 (#0) 
* ALPN, offering h2 
* ALPN, offering http/1.1 
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
* successfully set certificate verify locations: 
* CAfile: /usr/local/etc/openssl/cert.pem 
    CApath: /usr/local/etc/openssl/certs 
* TLSv1.2 (OUT), TLS header, Certificate Status (22): 
} [5 bytes data] 
* TLSv1.2 (OUT), TLS handshake, Client hello (1): 
} [512 bytes data] 
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
* stopped the pause stream! 
* Closing connection 0

使用OpenSSL的s_client.First命令:

openssl s_client -connect 104.238.222.150:443 | openssl x509 -text -noout 

52457:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:618: unable to load certificate 

52458:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE

而且这里是VHost配置:

Listen 80 
<VirtualHost *:80> 
    ServerName mikatatravel.com 
    ServerAlias www.mikatatravel.com 
    ServerAdmin -alreadyset- 
    DocumentRoot -alreadyset- 

    SSLEngine  off 
    SSLCertificateFile  -alreadyset-/mikata.pem 
    SSLCertificateKeyFile  -alreadyset-/mikata.key 

    <Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

    <Directory /home/emtetour/public_html> 
     Options Indexes FollowSymLinks Multiviews 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

    ErrorLog -alreadyset- 
    CustomLog -alreadyset- 

</VirtualHost> 

Listen 443 
<VirtualHost *:443> 
    ServerName mikatatravel.com 
    ServerAlias www.mikatatravel.com 
    ServerAdmin -alreadyset- 
    DocumentRoot -alreadyset- 

    SSLEngine  on 
    SSLCertificateFile  -alreadyset-/mikata.pem 
    SSLCertificateKeyFile  -alreadyset-/mikata.key 

    <Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

    <Directory /home/emtetour/public_html> 
     Options Indexes FollowSymLinks Multiviews 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

</VirtualHost>

有人能帮助我吗?已经4天了,我不知道该怎么修复... 谢谢..

P.S. 服务器在UbuntuOS上运行Apache2.4.25。密码和协议与cloudflare SSL兼容。

来源

2017-07-27 Satrio Wibowo

回答

0

它看起来像您可以根据您所提供的错误信息有一个坏的证书:

Expecting: TRUSTED CERTIFICATE

来源

2017-10-06 17:34:01 Geodepe

相关问题

 相关问题