The client and server do not support general SSL protocol version or encryption time


#1

My domain is:
sanwzzz.club
I ran this command:
Caddyfile:
sanwzzz.club:443 {
root /caddy/www/index.html
tls 1023837091@qq.com
gzip
}
It produced this output:
Log:
Activating privacy features… done.
http://:sanwzzz.club
My web server is (include version):
Caddy
curl https://getcaddy.com | bash -s personal tls.dns.namecheap
The operating system my web server runs on is (include version):
Centos7 *64
My hosting provider, if applicable, is:
VirMach
Chrome:
This site can’t provide a secure connection
sanwzzz.club sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH


#2

Hi,

Take a look at this post:
https://caddyserver.com/docs/automatic-https

P.S. ERR_SSL_VERSION_OR_CIPHER_MISMATCH provides us no information & your website is not able to connect.

Thank you


#3

Hi,
I checked my Caddyfile and found no mistakes, and it reports a successful start. I think this is the result of the SSL certificate.
Caddyfile:
sanwzzz.club:443 {
root /caddy/www/index.html
tls 1023837091@qq.com
gzip
}
Log:
Activating privacy features… done.
http://:sanwzzz.club
Chrome:
This site does not provide a secure connection
Sanwzzz.club uses unsupported protocols.
ERR SSL VERSION OR CIPHER MISMATCH
Hidden details
The agreement is not supported
The client and server do not support general SSL protocol version or encryption suite.


#4

One possibility is some screwed up port forwarding, make sure it’s not listening HTTP on port 443:

http://sanwzzz.club:443

Check also (from the server running Caddy)

openssl s_client -connect sanwzzz.club:443 -servername sanwzzz.club | openssl x509 -noout -text

#5

Okay… Maybe I don’t get how Caddy works…

I thought you would need to obtain a TLS certificate first and then run Caddy, to avoid issuing too many certificates.
Maybe I’m wrong…

sanwzzz.club:443 {
root /caddy/www/index.html
gzip
}

Seems caddy doesn’t make sense to me…


#6

Man… That’s actually not a private IP…
nslookup sanwzzz.club
Server: google-public-dns-a.google.com
Address: 2001:4860:4860::8888

Non-authoritative answer:
Name:    sanwzzz.club
Address:  192.3.118.21

Belongs to ColoCrossing… which makes sense


#7

Okay, Caddy will automatically apply for a certificate for me. But it’s always a failure.


#8

Okay…

It seems that your server has already applied for 2 certificates (and they were issued).

Do you happen to know where they are?

Also, you’ve got a certificate from TrustAsia… which I believe was issued from TCloud or Aliyun…

Why not use that…

Thank you


#9

Yes, this is my server address.


#10

It is https. Uh, I have reset the system and Caddy. Now there are 400 errors.


I type this, but it doesn’t seem to work.


#11

How can you even connect to the system if you reset the server…

May I ask how you were able to reach the website after resetting the server…

It feeds me error code system library:connect:reason(1869), which means no service is listening on the port.

OpenSSL returned error code 1869, which means that no service is listening on port 443…

Thank you


#12

Is there a firewall blocking port 443?
Is there anything servicing port 443?
netstat -pant | grep 443


#13

I reinstalled the operating system on the server and reinstalled Caddy; the website was not up. I connected to the server over SSH and set it up again, and then ran into the 400 error:
Activating privacy features… 2018/05/19 13:31:48 [sanwzzz.club] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://sanwzzz.club/.well-known/acme-challenge/PZKK9RVy9xETP0wAtgid_dd5gHyCKAlzyTeudM7zHfI: Error getting validation data


#14

I believe port 80 is blocked by a firewall. In particular, when I try to connect to port 80, I get an ICMP type 3, code 10 packet back (“Destination administratively prohibited”). This is different from the error that I get trying to connect on any other port number.


#15

Now you need to check whether the firewall is turned on…

What is your server's OS version?? (CentOS? Ubuntu? etc.)

As for Caddy, I would recommend trying this tutorial:
https://www.zybuluo.com/zwh8800/note/844776

P.S. Literally same as @schoen’s response @ 14 floor.
Have some Chinese tutorials provided.


#16

No, nothing is not occupied.


#17

Show:
netstat -pant | grep -i LISTEN


#18

The requests to port 80 are filtered by his firewall… instead of not listening

Glad my portqryv2 still works :smile:
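
Posts #14 and #18 distinguish a port that a firewall filters from a port where nothing is listening. The following is an added example, not part of any post in this thread: a small Python probe that makes the same distinction from the error a TCP connect returns. The function names and the errno-to-state mapping (Linux behaviour) are assumptions of this example.

```python
import errno
import socket
import sys

# Assumption (Linux): ICMP "destination unreachable" replies, including the
# "administratively prohibited" codes a firewall REJECT rule sends, surface
# from connect() as EHOSTUNREACH or ENETUNREACH.
REJECT_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(err):
    """Turn a connect() errno (0 = success) into a port state."""
    if err == 0:
        return "open"                 # handshake completed: a service is listening
    if err == errno.ECONNREFUSED:
        return "closed"               # TCP RST: host reachable, nothing listening
    if err in REJECT_ERRNOS:
        return "filtered (rejected)"  # firewall answered with an ICMP error
    if err == errno.ETIMEDOUT:
        return "filtered (dropped)"   # no answer at all: firewall DROP or host down
    return "unknown"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(0)
    except socket.timeout:
        return classify(errno.ETIMEDOUT)
    except OSError as exc:            # includes DNS failures -> "unknown"
        return classify(exc.errno)


def report(host, ports=(22, 80, 443)):
    """Probe the ports named in the thread and return {port: state}."""
    return {port: probe(host, port) for port in ports}


if __name__ == "__main__":
    # Defaults to loopback; pass the hostname of the server being diagnosed.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in report(target).items():
        print(f"{target}:{port} -> {state}")
```

Run from a machine outside the server's network, "closed" on port 80 means Caddy is not bound to it, while either "filtered" result means the HTTP validation request is being stopped before it reaches Caddy.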


#19

Centos7 *64. I turned off the firewall. Success.... May I ask what the cause is?


#20

You should leave the firewall on.
Just be sure to allow the ports that you need to allow.
Like:
22, 80, 443