
No protocol that uses TLS can connect, while everything that needs no TLS certificate works normally. The error reported is "net/http:TLS handshake timeout"

Open Hubupup opened this issue 8 months ago • 3 comments

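As the title says: Vmess-WS-TLS, Trojan-H2-TLS and the like all fail to work, and V2Ray reports: net/http:TLS handshake timeout. Protocols without TLS, such as VMess-TCP and Shadowsocks, work normally. I have already looked through the related issues and found no solution.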

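Things I tried that did not help:

  1. Changed the configuration to replace the certificate Caddy obtained automatically with a certificate issued through CloudFlare
  2. Uninstalled and reinstalled the script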

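Environment information:

  1. System: ubuntu 22
  2. Software versions: V2Ray 5.28.0 / V2Ray script v4.23 / Caddy v2.9.1 / V2RayNG v1.9.38 (Xray-core v25.3.3)
  3. Ports 22 and 443 are open on the server
  4. The domain is a second-level domain registered with cloudns, ..cloudns.ch; in CloudFlare the domain already points to the server IP (DNS only, proxy not enabled)
  5. DNS lookups with ITDOG all resolve the domain to the server IP; a TCP ping (TCP.PING) of port 443 on the domain also succeeds.
  6. Entering the domain in a browser gives the error: "Error code: PR_CONNECT_RESET_ERROR. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."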
  7. The V2Ray logerr log shows no errors; the Caddy log is as follows:

     ```
     Mar 11 21:20:30 racknerd-7092df2 systemd[1]: Starting Caddy...
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.HomeDir=/root
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.AppDataDir=/root/.local/share/caddy
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.AppConfigDir=/root/.config/caddy
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.ConfigAutosavePath=/root/.config/caddy/autosave.json
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.GOOS=linux
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.GOARCH=amd64
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.Compiler=gc
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.NumCPU=1
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.GOMAXPROCS=1
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.Version=go1.23.6
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: os.Getwd=/
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: LANG=en_US.UTF-8
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: NOTIFY_SOCKET=/run/systemd/notify
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: HOME=/root
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: LOGNAME=root
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: USER=root
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: SHELL=/bin/sh
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: INVOCATION_ID=74b672f7f7c0447cbe3d4599900e7b57
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: JOURNAL_STREAM=8:1583302
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: SYSTEMD_EXEC_PID=577443
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0060751,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0084631,"msg":"No files matching import glob pattern","pattern":"/etc/caddy/sites/*.conf"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0113716,"msg":"adapted config to JSON","adapter":"caddyfile"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0131438,"logger":"admin","msg":"admin endpoint disabled"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0135727,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enab>
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0138032,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0151668,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.016096,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0163524,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0165482,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.016803,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0169969,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["***.***.cloudns.ch (domain prefix manually redacted)"]}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0200534,"msg":"autosaved config (load with --resume flag)","file":"/root/.config/caddy/autosave.json"}
     Mar 11 21:20:31 racknerd-7092df2 systemd[1]: Started Caddy.
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.028712,"msg":"serving initial configuration"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.021317,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000343380"}
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0307953,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/root/.local/share/caddy","i>
     Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0312512,"logger":"tls","msg":"finished cleaning storage units"}
     ```
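  8. Both curl and openssl show that the certificate is correct, the domain matches (subjectAltName is correct), and the certificate chain is complete (issued by Let's Encrypt; the root certificate ISRG Root X1 is trusted).
  9. In the CloudFlare network settings, WebSockets and gRPC are enabled, and the minimum TLS version is set to 1.0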

Hubupup avatar Mar 11 '25 21:03 Hubupup