昨天换掉了一键脚本用 docker compose 重新配置了 vps 的代理,配置完成后发现在 Linux 下使用 curl 来查看伪装站点的话会报错,错误信息如下:
$ curl -I https://proxy.example.xyz
HTTP/1.1 200 Connection established
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
而且 Linux 下 Clash 节点配置必须要开启 skip-cert-verify 选项后才可以正常使用,但是在 macOS 上就正常,curl 可以正常返回站点信息,Clash 也不需要开启 skip-cert-verify ,这种情况是什么问题导致的?
xray 的证书配置如下:
"streamSettings":{
"network":"tcp",
"security":"xtls",
"xtlsSettings":{
"serverName":"proxy.example.xyz",
"alpn":[
"h2",
"http/1.1"
],
"certificates":[
{
"certificateFile":"/etc/acme.sh/proxy.example.xyz.cer",
"keyFile":"/etc/acme.sh/proxy.example.xyz.key"
}
]
}
}
1
totoro625 2023-07-03 22:00:36 +08:00 1
证书不全,acme 里面的证书输出选择 fullchain
|