2017-07-27 463 views
0

我的網站(和主機)出現問題。 我正在爲我的網站使用完整(嚴格)加密設置。我不知道爲什麼它自上個月以來遇到錯誤,網絡正常工作。Cloudflare SSL握手失敗(錯誤525)

的網站:mikatatravel.com

這裏是調試

使用curl -sv -o命令:

curl -sv -o /dev/null https://mikatatravel.com/ --resolve mikatatravel.com:443:104.238.222.150 

* Added mikatatravel.com:443:104.238.222.150 to DNS cache 
* Hostname mikatatravel.com was found in DNS cache 
* Trying 104.238.222.150... 
* TCP_NODELAY set 
* Connected to mikatatravel.com (104.238.222.150) port 443 (#0) 
* ALPN, offering h2 
* ALPN, offering http/1.1 
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH 
* successfully set certificate verify locations: 
* CAfile: /usr/local/etc/openssl/cert.pem 
    CApath: /usr/local/etc/openssl/certs 
* TLSv1.2 (OUT), TLS header, Certificate Status (22): 
} [5 bytes data] 
* TLSv1.2 (OUT), TLS handshake, Client hello (1): 
} [512 bytes data] 
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 
* stopped the pause stream! 
* Closing connection 0 

使用OpenSSL的s_client.First命令:

openssl s_client -connect 104.238.222.150:443 | openssl x509 -text -noout 

52457:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:618: unable to load certificate 

52458:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE 

而且這裏是VHost配置:

Listen 80 
<VirtualHost *:80> 
    ServerName mikatatravel.com 
    ServerAlias www.mikatatravel.com 
    ServerAdmin -alreadyset- 
    DocumentRoot -alreadyset- 

    SSLEngine  off 
    SSLCertificateFile  -alreadyset-/mikata.pem 
    SSLCertificateKeyFile  -alreadyset-/mikata.key 

    <Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

    <Directory /home/emtetour/public_html> 
     Options Indexes FollowSymLinks Multiviews 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

    ErrorLog -alreadyset- 
    CustomLog -alreadyset- 

</VirtualHost> 

Listen 443 
<VirtualHost *:443> 
    ServerName mikatatravel.com 
    ServerAlias www.mikatatravel.com 
    ServerAdmin -alreadyset- 
    DocumentRoot -alreadyset- 

    SSLEngine  on 
    SSLCertificateFile  -alreadyset-/mikata.pem 
    SSLCertificateKeyFile  -alreadyset-/mikata.key 

    <Directory /> 
     Options FollowSymLinks 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

    <Directory /home/emtetour/public_html> 
     Options Indexes FollowSymLinks Multiviews 
     AllowOverride None 
     Order allow,deny 
     Allow from all 
     Require all granted 
    </Directory> 

</VirtualHost> 

有人能幫助我嗎?已經4天了,我不知道該怎麼修復... 謝謝..

P.S. 服務器在UbuntuOS上運行Apache2.4.25。密碼和協議與cloudflare SSL兼容。

回答

0

它看起來像您可以根據您所提供的錯誤信息有一個壞的證書:

Expecting: TRUSTED CERTIFICATE