gevent SSL with godaddy error: ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1051)

I have set up web hosting on GoDaddy and installed their SSL certificate.

I am trying to send an https POST request to a Python backend on my own server (with a static IP), which is running a gevent WSGIServer, as follows:

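from gevent.pywsgi import WSGIServer

# appFlask: the WSGI application object, defined elsewhere in the poster's code
https_server = WSGIServer(('<backend ip>', 3000),
                          appFlask,
                          keyfile='server.key',
                          certfile='server.crt',
                          )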

I created server.key and server.crt by copy/paste from GoDaddy -> cPanelAdmin -> Manage SSL Hosts -> Autofill by Domain.

Certificate: (CRT) -> server.crt
Private Key (KEY) -> server.key

CRT:

Certificate Authority bundle:

The client code is a React application with a hash router; on a button click the following is called:

let res = await axios
      .create({ baseURL: "https://<backend ip>:3000" })
      .post("/server_auth_user", data_obj)
      .then(result => {
        if (result.status === 200 && result.data.response) {
          console.log(result);
          Auth.login(() => {
            this.props.history.push("/screens");
          ...

This is what happens when I run:

openssl s_client -connect <godaddy host>:443 -key 'server.key' -cert 'server.crt' 
CONNECTED(00000005)
---
Certificate chain
 0 s:OU = Domain Control Validated, CN = aqts655379k.com
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
---
Server certificate

subject=OU = Domain Control Validated, CN = <godaddy.host>

issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3552 bytes and written 443 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: A1A0E86F59695161F06029EADB6F26C491F01A511A417CCCF07948F095139E3B
    Session-ID-ctx: 
    Master-Key: DAA60D38F7D74D553478FB3B74DE8F7BE315D003FBF3F6847F812CF25693CFC3EDDADB3F4A2A2D278F7239330E156D92
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)

    Start Time: 1575195127
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

The strange thing is:

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)
2019-12-01T09:59:25Z <Greenlet at 0x1a8fefe8048: _handle_and_close_when_done(<bound method StreamServer.wrap_socket_and_handle , <bound method StreamServer.do_close of <WSGIServer, (<gevent._socket3.socket [closed]  object, fd=-1, )> failed with SSLError
openssl s_client -connect <godaddy_host>:80 ...
... ssl3_get_record:wrong version number

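You are connecting to the HTTP port (80) rather than the HTTPS port (443). No wonder it fails with the TLS handshake. But this has nothing to do with the error you get in your Python script, since I'm pretty sure you are not using port 80 there.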

net::ERR_CERT_COMMON_NAME_INVALID

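This happens if the subject of the server certificate does not match the hostname you use in your code to access the server. Since nothing is known about the server certificate or the client code, I cannot be more specific about where the problem is.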

gevent SSL with godaddy error: ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1051)

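The error message you show in the title is yet another error message. It indicates that the server does not accept the client certificate you are using. Note that you cannot use an arbitrary certificate as a client certificate; you must provide one that the server accepts.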

I recommend never, ever, ever posting your certificates; they are your own private matter.
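
The name-mismatch case described in the answer above (a client that addresses the backend by IP while the certificate names a domain), as an added Python example that is not part of the original posts. The certificate dictionary, hostnames and IP address are constructed placeholders, and the matcher is a simplified SAN-only check written for illustration, not the verifier used by any browser or library.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
# for a domain-validated certificate (placeholder names, not from the page).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.api.example.com")),
}


def dns_name_matches(pattern, host):
    """Compare one DNS SAN entry with a hostname.

    A '*' may only stand for the entire left-most label and covers one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, target):
    """True if the certificate is valid for the host or IP the client dialled."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # A DNS name: only DNS SAN entries are considered (no CN fallback here).
        return any(kind == "DNS" and dns_name_matches(v, target) for kind, v in sans)
    # An IP literal: only "IP Address" SAN entries can match, never a DNS name.
    return any(kind == "IP Address" and ipaddress.ip_address(v) == ip for kind, v in sans)


def url_is_covered(cert, url):
    """Extract the host from the URL the client uses and check it against the cert."""
    host = urlsplit(url).hostname
    return host is not None and cert_covers(cert, host)


if __name__ == "__main__":
    for url in ("https://shop.example.com:3000", "https://203.0.113.10:3000"):
        print(url, "->", "ok" if url_is_covered(SAMPLE_CERT, url) else "name mismatch")
```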