Can't get SSL working on NGINX

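I spent a whole day trying to figure out why my letsencrypt SSL setup isn't working. I even switched to a self-generated certificate, but neither works.

My detailed nginx setup: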

https://gist.github.com/yellow1912/bf38b2993032d10b7a7bdc82167a948b

-----------------------------
NGINX setup

built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.2)
built with OpenSSL 1.0.2h  3 May 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads --add-module=/etc/nginx/modules/ngx_devel_kit --add-module=/etc/nginx/modules/lua-nginx-module --add-module=/etc/nginx/modules/nginx-push-stream-module --sbin-path=/usr/sbin/nginx

-----------------------------
NGINX config

server {
    listen 80;
    listen 443 ssl;
    server_name mysite.com www.mysite.com;

    # tried both with and without ssl on
    # ssl on; 
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;

    # from https://cipherli.st/
    # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    root        /var/www/web;
    index       app.php;

    access_log /var/log/nginx/sites/site-path/access.log;
    error_log  /var/log/nginx/sites/site-path/error.log;

    location = /robots.txt  {
        alias  /var/www/local/site-path/web/robots.txt;
        access_log off;
        log_not_found off;
    }

    location = /favicon.ico {
        alias  /var/www/local/site-path/web/favicon.ico;
        access_log off;
        log_not_found off;
    }

    # we should not retry asset files further
    location /assets {
        try_files $uri =404;
        log_not_found off;
        access_log off;
    }

    # we should not retry static asset files any further
    location ~ \.(css|js|png|jpg|jpeg|bmp|gif|ico)(/|$) {
        try_files $uri =404;
        log_not_found off;
        access_log off;
    }

    location ~ /.well-known {
        allow all;
    }

    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

    rewrite ^/app\.php/?(.*)$ /$1 permanent;

    # lua rewrite module
    # already checked for possible interference with ssl by commenting out
    location / {
        access_by_lua_block {
            local rewriter = require "lua_st_redis_rewriter"
            -- lets try to see if we have to redirect here
            rewriter.redirect("1bfa3120d5534256b3bf17c37565c435")
            -- yay, no redirect? we have to skip
            rewriter.skipOn()
        }
        # include /etc/nginx/include.d/lua_st_redis_rewrites.lua;
        try_files $uri @rewriteapp;
    }

    location @rewriteapp {
        rewrite ^(.*)$ /app.php/$1 last;
    }

    # pass the PHP scripts to FastCGI server from upstream phpfcgi
    location ~ ^/(app|app_dev)\.php(/|$) {
        access_by_lua_block {
            local rewriter = require "lua_st_redis_rewriter"

            if not rewriter.skipped() then
                rewriter.skipOff()
                rewriter.redirect("1bfa3120d5534256b3bf17c37565c435", true)
            end
        }

        # Setup var defaults
        set $no_cache "";

        # If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie
        if ($request_method !~ ^(GET|HEAD)$) {
            set $no_cache "1";
        }

        # Drop no cache cookie if need be
        # (for some reason, add_header fails if included in prior if-block)
        if ($no_cache = "1") {
            add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
            add_header X-Microcachable "0";
        }

        # Bypass cache if no-cache cookie is set
        if ($http_cookie ~* "_mcnc") {
            set $no_cache "1";
        }

        set $no_cache "1";

        # Bypass cache if flag is set
        fastcgi_no_cache $no_cache;
        fastcgi_cache_bypass $no_cache;
        fastcgi_cache microcache;
        fastcgi_cache_key $scheme$host$request_uri$request_method;
        fastcgi_cache_valid 404 301 302 30m;
        fastcgi_cache_valid 200 1s;
        fastcgi_cache_use_stale updating error timeout invalid_header http_500;
        fastcgi_pass_header Set-Cookie;
        fastcgi_pass_header Cookie;
        fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

        fastcgi_split_path_info ^(.+\.php)(/.*)$;

        fastcgi_pass unix:/var/run/php-fpm-default.sock;
        fastcgi_index app.php;

        include fastcgi_params;
        fastcgi_param SITE_LOCAL_PATH site-path;
        fastcgi_param SITE_LOCAL_DIR /var/www/local/site-path;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS off;

        # fastcgi buffer
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 16k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
#        fastcgi_read_timeout 480;
    }
}

Detailed error output:

https://gist.github.com/yellow1912/36be7f744f09df1ca371bad49a91b624

openssl s_client -connect mysite.com:443 -debug
CONNECTED(00000003)
write to 0xdb5010 [0xdb5da0] (305 bytes => 305 (0x131))
read from 0xdb5010 [0xdbb300] (7 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1487159297
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Some network debugging:

sudo tcpdump -n -i eth0 port 80 or port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:16:32.097134 IP myip.56015 > myserverip.443: Flags [S], seq 2934315372, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:32.097238 IP myserverip.443 > myip.56015: Flags [S.], seq 363667711, ack 2934315373, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:32.098754 IP myip.56014 > myserverip.443: Flags [S], seq 600640855, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:32.098798 IP myserverip.443 > myip.56014: Flags [S.], seq 838969497, ack 600640856, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:32.344237 IP myip.56015 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:32.344508 IP myserverip.443 > myip.56015: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:32.345462 IP myip.56014 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:32.345538 IP myserverip.443 > myip.56014: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:32.345634 IP myip.56015 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:16:32.345655 IP myserverip.443 > myip.56015: Flags [R], seq 363667712, win 0, length 0
08:16:32.345800 IP myip.56014 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:16:32.345814 IP myserverip.443 > myip.56014: Flags [R], seq 838969498, win 0, length 0
08:16:32.587153 IP myip.56015 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:32.587206 IP myserverip.443 > myip.56015: Flags [R], seq 363667713, win 0, length 0
08:16:32.588277 IP myip.56014 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:32.588309 IP myserverip.443 > myip.56014: Flags [R], seq 838969499, win 0, length 0
08:16:32.588919 IP myip.56015 > myserverip.443: Flags [F.], seq 166, ack 2, win 64, length 0
08:16:32.588934 IP myserverip.443 > myip.56015: Flags [R], seq 363667713, win 0, length 0
08:16:32.597684 IP myip.56014 > myserverip.443: Flags [F.], seq 166, ack 2, win 64, length 0
08:16:32.597713 IP myserverip.443 > myip.56014: Flags [R], seq 838969499, win 0, length 0
08:16:32.598303 IP myip.56017 > myserverip.443: Flags [S], seq 1175791765, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:32.598361 IP myserverip.443 > myip.56017: Flags [S.], seq 3583343505, ack 1175791766, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:32.842246 IP myip.56017 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:32.842434 IP myserverip.443 > myip.56017: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:32.843017 IP myip.56018 > myserverip.443: Flags [S], seq 1152101190, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:32.843068 IP myserverip.443 > myip.56018: Flags [S.], seq 1493059739, ack 1152101191, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:32.858541 IP myip.56017 > myserverip.443: Flags [P.], seq 1:172, ack 1, win 64, length 171
08:16:32.858582 IP myserverip.443 > myip.56017: Flags [R], seq 3583343506, win 0, length 0
08:16:33.082638 IP myip.56017 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:33.082688 IP myserverip.443 > myip.56017: Flags [R], seq 3583343507, win 0, length 0
08:16:33.082800 IP myip.56017 > myserverip.443: Flags [F.], seq 172, ack 2, win 64, length 0
08:16:33.082811 IP myserverip.443 > myip.56017: Flags [R], seq 3583343507, win 0, length 0
08:16:33.083298 IP myip.56018 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:33.083455 IP myserverip.443 > myip.56018: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:33.283115 IP myip.56019 > myserverip.443: Flags [S], seq 1894016244, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:33.283213 IP myserverip.443 > myip.56019: Flags [S.], seq 3244723994, ack 1894016245, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:33.320006 IP myip.56018 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:33.397840 IP myip.56018 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:16:33.397925 IP myserverip.443 > myip.56018: Flags [.], ack 2, win 229, length 0
08:16:33.527033 IP myip.56022 > myserverip.443: Flags [S], seq 813585215, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:33.527107 IP myserverip.443 > myip.56022: Flags [S.], seq 1206711519, ack 813585216, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:33.535086 IP myip.56019 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:33.535258 IP myserverip.443 > myip.56019: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:33.535823 IP myip.56019 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:16:33.535851 IP myserverip.443 > myip.56019: Flags [R], seq 3244723995, win 0, length 0
08:16:33.802784 IP myip.56023 > myserverip.443: Flags [S], seq 1095053335, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:33.802825 IP myserverip.443 > myip.56023: Flags [S.], seq 22107761, ack 1095053336, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:33.804091 IP myip.56022 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:33.804222 IP myserverip.443 > myip.56022: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:33.809068 IP myip.56019 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:33.809084 IP myserverip.443 > myip.56019: Flags [R], seq 3244723996, win 0, length 0
08:16:33.810626 IP myip.56019 > myserverip.443: Flags [F.], seq 166, ack 2, win 64, length 0
08:16:33.810638 IP myserverip.443 > myip.56019: Flags [R], seq 3244723996, win 0, length 0
08:16:34.029139 IP myip.56024 > myserverip.443: Flags [S], seq 3085295716, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:34.029183 IP myserverip.443 > myip.56024: Flags [S.], seq 1642672586, ack 3085295717, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:34.039865 IP myip.56023 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:34.040011 IP myserverip.443 > myip.56023: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:34.054363 IP myip.56022 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:34.054821 IP myip.56023 > myserverip.443: Flags [P.], seq 1:172, ack 1, win 64, length 171
08:16:34.054841 IP myserverip.443 > myip.56023: Flags [R], seq 22107762, win 0, length 0
08:16:34.267730 IP myip.56024 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:34.268000 IP myserverip.443 > myip.56024: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:34.277506 IP myip.56023 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:34.277529 IP myserverip.443 > myip.56023: Flags [R], seq 22107763, win 0, length 0
08:16:34.277539 IP myip.56023 > myserverip.443: Flags [F.], seq 172, ack 2, win 64, length 0
08:16:34.277541 IP myserverip.443 > myip.56023: Flags [R], seq 22107763, win 0, length 0
08:16:34.511174 IP myip.56024 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:39.279437 IP myip.56024 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:16:39.279472 IP myserverip.443 > myip.56024: Flags [.], ack 2, win 229, length 0
08:16:39.287059 IP myip.56022 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:16:39.287075 IP myserverip.443 > myip.56022: Flags [.], ack 2, win 229, length 0
08:16:39.287921 IP myip.56025 > myserverip.443: Flags [S], seq 1826371421, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:39.287964 IP myserverip.443 > myip.56025: Flags [S.], seq 3907985986, ack 1826371422, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:39.593767 IP myip.56025 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:39.594140 IP myserverip.443 > myip.56025: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:39.596209 IP myip.56025 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:16:39.596273 IP myserverip.443 > myip.56025: Flags [R], seq 3907985987, win 0, length 0
08:16:39.600372 IP myip.56026 > myserverip.443: Flags [S], seq 3161132813, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:39.600418 IP myserverip.443 > myip.56026: Flags [S.], seq 963446342, ack 3161132814, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:39.843597 IP myip.56025 > myserverip.443: Flags [F.], seq 166, ack 2, win 64, length 0
08:16:39.843647 IP myserverip.443 > myip.56025: Flags [R], seq 3907985988, win 0, length 0
08:16:39.843662 IP myip.56025 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:39.843665 IP myserverip.443 > myip.56025: Flags [R], seq 3907985988, win 0, length 0
08:16:39.847118 IP myip.56026 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:39.847314 IP myserverip.443 > myip.56026: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:39.850032 IP myip.56027 > myserverip.443: Flags [S], seq 1053759215, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:39.850072 IP myserverip.443 > myip.56027: Flags [S.], seq 1225009996, ack 1053759216, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:40.091448 IP myip.56026 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:40.099805 IP myip.56028 > myserverip.443: Flags [S], seq 2645215989, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:40.099842 IP myserverip.443 > myip.56028: Flags [S.], seq 4075160069, ack 2645215990, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:40.102220 IP myip.56027 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:40.102390 IP myserverip.443 > myip.56027: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:40.117653 IP myip.56027 > myserverip.443: Flags [P.], seq 1:172, ack 1, win 64, length 171
08:16:40.117686 IP myserverip.443 > myip.56027: Flags [R], seq 1225009997, win 0, length 0
08:16:40.340827 IP myip.56028 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:40.341089 IP myserverip.443 > myip.56028: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:40.378179 IP myip.56027 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:40.378215 IP myserverip.443 > myip.56027: Flags [R], seq 1225009998, win 0, length 0
08:16:40.378231 IP myip.56027 > myserverip.443: Flags [F.], seq 172, ack 2, win 64, length 0
08:16:40.378235 IP myserverip.443 > myip.56027: Flags [R], seq 1225009998, win 0, length 0
08:16:40.578557 IP myip.56028 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:16:44.326833 IP myip.56028 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:16:44.326868 IP myserverip.443 > myip.56028: Flags [.], ack 2, win 229, length 0
08:16:44.333587 IP myip.56026 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:16:44.333600 IP myserverip.443 > myip.56026: Flags [.], ack 2, win 229, length 0
^C
105 packets captured
106 packets received by filter
0 packets dropped by kernel
root@nilead-app:/nilead/theme# sudo tcpdump -n -i eth0 port 80 or port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:17:59.490552 IP myip.56073 > myserverip.443: Flags [S], seq 4140883238, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:17:59.490629 IP myserverip.443 > myip.56073: Flags [S.], seq 436041725, ack 4140883239, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:17:59.494939 IP myip.56074 > myserverip.443: Flags [S], seq 1250819806, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:17:59.494965 IP myserverip.443 > myip.56074: Flags [S.], seq 4137076167, ack 1250819807, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:17:59.791509 IP myip.56073 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:17:59.791911 IP myserverip.443 > myip.56073: Flags [F.], seq 1, ack 1, win 229, length 0
08:17:59.802168 IP myip.56073 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:17:59.802239 IP myserverip.443 > myip.56073: Flags [R], seq 436041726, win 0, length 0
08:17:59.815641 IP myip.56077 > myserverip.443: Flags [S], seq 4078944871, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:17:59.815683 IP myserverip.443 > myip.56077: Flags [S.], seq 975554701, ack 4078944872, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:17:59.837726 IP myip.56074 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:17:59.837789 IP myip.56074 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:17:59.837805 IP myserverip.443 > myip.56074: Flags [.], ack 166, win 237, length 0
08:17:59.838092 IP myserverip.443 > myip.56074: Flags [R.], seq 1, ack 166, win 237, length 0
08:18:00.064210 IP myip.56073 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:18:00.064262 IP myserverip.443 > myip.56073: Flags [R], seq 436041727, win 0, length 0
08:18:00.068103 IP myip.56073 > myserverip.443: Flags [F.], seq 166, ack 2, win 64, length 0
08:18:00.068124 IP myserverip.443 > myip.56073: Flags [R], seq 436041727, win 0, length 0
08:18:00.079339 IP myip.56077 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:18:00.079559 IP myserverip.443 > myip.56077: Flags [F.], seq 1, ack 1, win 229, length 0
08:18:00.082047 IP myip.56078 > myserverip.443: Flags [S], seq 874023007, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:00.082101 IP myserverip.443 > myip.56078: Flags [S.], seq 3249174803, ack 874023008, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:00.341409 IP myip.56079 > myserverip.443: Flags [S], seq 2253393656, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:00.341437 IP myserverip.443 > myip.56079: Flags [S.], seq 2355967804, ack 2253393657, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:00.349187 IP myip.56077 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:18:00.357741 IP myip.56078 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:18:00.357922 IP myserverip.443 > myip.56078: Flags [F.], seq 1, ack 1, win 229, length 0
08:18:00.377426 IP myip.56078 > myserverip.443: Flags [P.], seq 1:172, ack 1, win 64, length 171
08:18:00.377477 IP myserverip.443 > myip.56078: Flags [R], seq 3249174804, win 0, length 0
08:18:00.610844 IP myip.56079 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:18:00.611058 IP myserverip.443 > myip.56079: Flags [F.], seq 1, ack 1, win 229, length 0
08:18:00.619253 IP myip.56078 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:18:00.619312 IP myserverip.443 > myip.56078: Flags [R], seq 3249174805, win 0, length 0
08:18:00.619332 IP myip.56078 > myserverip.443: Flags [F.], seq 172, ack 2, win 64, length 0
08:18:00.619334 IP myserverip.443 > myip.56078: Flags [R], seq 3249174805, win 0, length 0
08:18:00.877467 IP myip.56079 > myserverip.443: Flags [.], ack 2, win 64, length 0
08:18:00.969848 IP myip.56079 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:18:00.969881 IP myserverip.443 > myip.56079: Flags [.], ack 2, win 229, length 0
08:18:00.979810 IP myip.56077 > myserverip.443: Flags [F.], seq 1, ack 2, win 64, length 0
08:18:00.979876 IP myserverip.443 > myip.56077: Flags [.], ack 2, win 229, length 0
08:18:10.423048 IP myip.56084 > myserverip.80: Flags [S], seq 1953512023, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:10.423096 IP myserverip.80 > myip.56084: Flags [S.], seq 2835314279, ack 1953512024, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:10.425816 IP myip.56086 > myserverip.80: Flags [S], seq 1830331223, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:10.425846 IP myserverip.80 > myip.56086: Flags [S.], seq 1579049320, ack 1830331224, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:10.427952 IP myip.56085 > myserverip.80: Flags [S], seq 233630384, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:10.428034 IP myserverip.80 > myip.56085: Flags [S.], seq 557462937, ack 233630385, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:10.430875 IP myip.56083 > myserverip.80: Flags [S], seq 2406686340, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:10.430917 IP myserverip.80 > myip.56083: Flags [S.], seq 3592789106, ack 2406686341, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:10.660601 IP myip.56084 > myserverip.80: Flags [.], ack 1, win 64, length 0
08:18:10.664797 IP myip.56085 > myserverip.80: Flags [.], ack 1, win 64, length 0
08:18:10.669508 IP myip.56086 > myserverip.80: Flags [.], ack 1, win 64, length 0
08:18:10.675437 IP myip.56083 > myserverip.80: Flags [.], ack 1, win 64, length 0
08:18:10.766432 IP myip.56085 > myserverip.80: Flags [P.], seq 1:1000, ack 1, win 64, length 999: HTTP: GET / HTTP/1.1
08:18:10.766481 IP myserverip.80 > myip.56085: Flags [.], ack 1000, win 244, length 0
08:18:10.942281 IP myserverip.80 > myip.56085: Flags [.], seq 1:2905, ack 1000, win 244, length 2904: HTTP: HTTP/1.1 200 OK
08:18:10.942316 IP myserverip.80 > myip.56085: Flags [.], seq 2905:5809, ack 1000, win 244, length 2904: HTTP
08:18:10.942320 IP myserverip.80 > myip.56085: Flags [.], seq 5809:8713, ack 1000, win 244, length 2904: HTTP
08:18:10.942324 IP myserverip.80 > myip.56085: Flags [P.], seq 8713:10165, ack 1000, win 244, length 1452: HTTP
08:18:10.942328 IP myserverip.80 > myip.56085: Flags [P.], seq 10165:11670, ack 1000, win 244, length 1505: HTTP
08:18:11.187559 IP myip.56085 > myserverip.80: Flags [.], ack 2905, win 64, length 0
08:18:11.187757 IP myip.56085 > myserverip.80: Flags [.], ack 5809, win 64, length 0
08:18:11.187977 IP myip.56085 > myserverip.80: Flags [.], ack 11670, win 64, length 0

Any pointers would be a great help. I've tried everything, but as you can see, I'm not very familiar with setting up SSL.
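
Added example, not part of the original post: a short Python script that groups tcpdump lines like the ones above by connection and reports whether the server closed or reset the connection before answering the client's first data segment. The sample lines are copied from the capture in the post (client ports 56015 and 56085); the function names and verdict strings are this example's own.

```python
import re

# Twelve lines copied verbatim from the tcpdump capture in the post.
SAMPLE = """\
08:16:32.097134 IP myip.56015 > myserverip.443: Flags [S], seq 2934315372, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:16:32.097238 IP myserverip.443 > myip.56015: Flags [S.], seq 363667711, ack 2934315373, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:16:32.344237 IP myip.56015 > myserverip.443: Flags [.], ack 1, win 64, length 0
08:16:32.344508 IP myserverip.443 > myip.56015: Flags [F.], seq 1, ack 1, win 229, length 0
08:16:32.345634 IP myip.56015 > myserverip.443: Flags [P.], seq 1:166, ack 1, win 64, length 165
08:16:32.345655 IP myserverip.443 > myip.56015: Flags [R], seq 363667712, win 0, length 0
08:18:10.427952 IP myip.56085 > myserverip.80: Flags [S], seq 233630384, win 8192, options [mss 1452,nop,wscale 8,nop,nop,sackOK], length 0
08:18:10.428034 IP myserverip.80 > myip.56085: Flags [S.], seq 557462937, ack 233630385, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
08:18:10.664797 IP myip.56085 > myserverip.80: Flags [.], ack 1, win 64, length 0
08:18:10.766432 IP myip.56085 > myserverip.80: Flags [P.], seq 1:1000, ack 1, win 64, length 999: HTTP: GET / HTTP/1.1
08:18:10.766481 IP myserverip.80 > myip.56085: Flags [.], ack 1000, win 244, length 0
08:18:10.942281 IP myserverip.80 > myip.56085: Flags [.], seq 1:2905, ack 1000, win 244, length 2904: HTTP: HTTP/1.1 200 OK
"""

# One tcpdump -n summary line: timestamp, src host.port, dst host.port, flags, length.
PKT = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\].* length (?P<len>\d+)"
)


def verdict(state):
    """Turn the per-connection observations into a one-line verdict."""
    if state["served"]:
        return "served"
    if state["early_fin"] and state["rst_after_data"]:
        return "server FIN before client data, RST after"
    if state["early_fin"]:
        return "server FIN before client data"
    if state["rst_after_data"]:
        return "server RST after client data"
    return "incomplete"


def classify(capture, server_ports=(80, 443)):
    """Return {(client_port, server_port): verdict} for a tcpdump text capture."""
    conns = {}
    for line in capture.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue  # prompt lines, tcpdump banners, packet counters
        sport, dport = int(m["sport"]), int(m["dport"])
        flags, length = m["flags"], int(m["len"])
        from_server = sport in server_ports
        key = (dport, sport) if from_server else (sport, dport)
        state = conns.setdefault(key, {
            "client_data": False,     # client has sent a segment with payload
            "early_fin": False,       # server sent FIN before any client payload
            "rst_after_data": False,  # server answered client payload with RST
            "served": False,          # server sent payload of its own
        })
        if from_server:
            if length > 0:
                state["served"] = True
            if "F" in flags and not state["client_data"]:
                state["early_fin"] = True
            if "R" in flags and state["client_data"]:
                state["rst_after_data"] = True
        elif length > 0:
            state["client_data"] = True
    return {key: verdict(state) for key, state in conns.items()}


if __name__ == "__main__":
    for (cport, sport), result in sorted(classify(SAMPLE).items()):
        print(f"client port {cport} -> server port {sport}: {result}")
```
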
