站点的客户端收到 SSL_ERROR_HANDSHAKE_FAILURE_ALERT (Firefox) 和 ERR_BAD_SSL_CLIENT_AUTH_CERT (Chrome)

我在 AlmaLinux 8.8 (Centos) 和 Apache 2.4.56 中运行一个站点。该站点有一个自签名证书。

当我访问该网站时，由于自签名证书，我收到了常见的警告。在接受我想继续后，我SSL_ERROR_HANDSHAKE_FAILURE_ALERT在 Firefox 和ERR_BAD_SSL_CLIENT_AUTH_CERTChrome 中收到了错误。

在同一台服务器上，其他网站可以正常使用 Cloudflare + Let'Encrypt。

我对 Apache 虚拟主机文件上的 SSL 配置没有任何怀疑。我也仔细检查了证书。

我运行了这个调试工具，openssl s_client -state -debug -showcerts -verify 1 -connect example.com:443
下面您可以找到输出的摘要。

我注意到这一行SSL3 alert read:fatal:handshake failure以及另一行提及 Cloudflare 的内容，尽管该网站目前并未使用 Cloudflare。

请帮忙。

调试工具的输出：

verify depth is 1
CONNECTED(00000005)
SSL_connect:before SSL initialization
...
SSL_connect:SSLv3/TLS write client hello
...
SSL_connect:SSLv3/TLS write client hello
...
SSL_connect:SSLv3/TLS read server hello
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = (...)
verify error:num=18:self-signed certificate
...
SSL_connect:SSLv3/TLS read server certificate
...                ...
SSL_connect:SSLv3/TLS read server key exchange
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write change cipher spec
...
SSL_connect:SSLv3/TLS write finished
...
SSL3 alert read:fatal:handshake failure
SSL_connect:error in error
0036800901000000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1586:SSL alert number 40
---
Certificate chain
 0 s:C = XX, L = Default City, O = Default Company Ltd, CN = (...)
   i:C = XX, L = Default City, O = Default Company Ltd, CN = (...)
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jul 14 11:41:36 2023 GMT; NotAfter: Jul 11 11:41:36 2033 GMT
-----BEGIN CERTIFICATE-----
...

Acceptable client certificate CA names
C = US, O = "CloudFlare, Inc.", OU = Origin Pull, L = San Francisco, ST = California, CN = origin-pull.cloudflare.net
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: 
...
---
SSL handshake has read 1553 bytes and written 456 bytes
Verification error: self-signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 940A6E481407D70D9F5DCFF3DD0760DC10A3A6B4B6F37D602EE8CDB83A736B049DE24DF0C8D4DE57A9E3A403553EC6D6
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1689342131
    Timeout   : 7200 (sec)
    Verify return code: 18 (self-signed certificate)
    Extended master secret: no