ssl - 带有Godaddy错误的gevent SSL：ssl.SSLError：[SSL：SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3警报证书未知（_ssl.c：1051）(gevent SSL with godaddy error: ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1051))

Question

I've got Webhosting on GoDaddy with their SSL certificate installed.

(我在GoDaddy上安装了SSL证书的Webhosting。)

I'm trying to send the https POST request to my Python backend on my own server (with static IP) which is running gevent WSGIServer like this:

(我正在尝试将https POST请求发送到运行gevent WSGIServer的我自己的服务器（具有静态IP）上的Python后端，如下所示：)

https_server = WSGIServer(('<backend ip>', 3000),
                              appFlask,
                              keyfile='server.key',
                              certfile='server.crt',
                              )

The server.key and server.crt I created by copy/paste from goddady->cPanelAdmin-> Manage SSL Hosts -> Autofill by Domain.

(我从goddady-> cPanelAdmin->管理SSL主机->按域自动填充复制/粘贴创建的server.key和server.crt 。)

The Certificate: (CRT) -> server.crt .

(Certificate: (CRT) -> server.crt 。)

The Private Key (KEY) -> server.key .

(Private Key (KEY) -> server.key 。)

The CRT:

(CRT：)

-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIJANvQSPtAlkYyMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE5MTEzMDEzNTAyM1oX
DTIwMTEzMDA4MTAzN1owPTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
dGVkMRgwFgYDVQQDEw9hcXRzNjU1Mzc5ay5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/sQsu+SEMu3TbaaCx96hw8A8YLjQehtm16t9cx5KOKOld
chA1rUVZXZq5LLbgXJ/11Ws4z+oqg8T7xmhUPB/sBbP0wd0/wyqAKzkCEfZndV52
Y4oc7+P0NVC5YSTyoMQ1/bx12+PcpkG0LTUbz0F91Z2ZuO/Cr9l3NaR07v35zhKC
aTDJVd1sSwJkRQ9StUXEpQD8M107vhRuBsPqR49qC0vbwXByzK1pC7DTrz2Z0HFR
l8u0d86M+HHZmn3n/vRfXA0PIW16enjLkdZIKMmidvCJmRCUUA6KSljhJz5nZuOF
G2IrsWUqW3AX7Dt8BL2WX/blToikbC5oiaezFoR5AgMBAAGjggLMMIICyDAMBgNV
HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8B
Af8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNv
bS9nZGlnMnMxLTE1NDcuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3
BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
c2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhho
dHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0
aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0j
BBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wLwYDVR0RBCgwJoIPYXF0czY1NTM3
OWsuY29tghN3d3cuYXF0czY1NTM3OWsuY29tMB0GA1UdDgQWBBTCriFH/fyxral7
BYLxnzTLClIEIDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AKS5CZC0GFgUh7sT
osxncAo8NZgE+RvfuON3zQ7IDdwQAAABbryTxeMAAAQDAEgwRgIhAJ2E4BRwFSUd
kxChyaNNt9rW8yUovUzHMJBGEm48FgKXAiEAxgo7kNBGm0wmQEUX7gxY6xG4pRLv
5T0JoUf31mCvEuYAdgBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAA
AW68k8a8AAAEAwBHMEUCIQC661NrwQ+pn9vG9F1Aw9rJrrlHldzPXmCOoeih8cQI
PwIgQaMQ1KAyVz8zI8wGoJ3S+snGHQq88N+oivNeeSggIQwwDQYJKoZIhvcNAQEL
BQADggEBALZuZ9oXPf8zazPGqiIZrok/zVi7DrimGKQfgVnbR3bE0IhYUFlbO/GN
eH/AcDgHnR8Rdb3t4sjD7pTe1jaD/Jrj0Pz3zhRXKh4l47ERQcRTUKqoNnHW/yxv
+pVHJ/wU/h+DVfAvKkMiIyPV/EbjZg5Vys09tzIDSSjA0n+l2BYq6JY7Z/SWf6QX
CZNsDocBW05Vf0Ot8LDswxgIf1hpw0x/icQj/wlgMdCRIlS46ai293r2A+TcFj5a
aSpcpIT7Yf6NJPOlMNhPiTABAkzb34iA47Ox4S0pFImLuBVqYDIw0kM+tM0pdKuB
nd0IIfQhBswJgpAr++R57vuggExKtxw=
-----END CERTIFICATE-----

The Certificate Authority Bundle:

(证书颁发机构捆绑包：)

-----BEGIN CERTIFICATE-----
MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTEx
MDUwMzA3MDAwMFoXDTMxMDUwMzA3MDAwMFowgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsG
A1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBE
YWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzDBNliF44v/z5lz4/OYuY8UhzaFkVLVat4
a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK/6AYZ15V8TPLvQ/MDxdR/yaFrzDN5ZBUY4RS1T4KL7Q
jL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZqm8A29vNMDp5T19MR/gd71vCxJ1g
O7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVkV4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOv
DCAHf+jfBDnCaQJsY1L6d8EbyHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz
8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYDVR0fBC4wLDAqoCigJoYkaHR0
cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEG
CCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3
DQEBCwUAA4IBAQAIfmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz91cxG7685C/b+LrTW+C05+Z5
Yg4MotdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6EnriDfcFDzkSn
E3ANkR/0yBOtg2DZ2HKocyQetawiDsoXiWJYRBuriSUBAA/NxBti21G00w9RKpv0vHP8ds42pM3Z
2Czqrpv1KrKQ0U11GIo/ikGQI31bS/6kA1ibRrLDYGCD+H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeK
M+2xLXY2JtwE65/3YR8V3Idv7kaWKK2hJn0KCacuBKONvPi8BDAB
-----END CERTIFICATE-----

The client code is React app with hash router where on the button click the following is called:

(客户端代码是带有哈希路由器的React应用，在该按钮上单击以下按钮将被称为：)

let res = await axios
      .create({ baseURL: "https://<backend ip>:3000" })
      .post("/server_auth_user", data_obj)
      .then(result => {
        if (result.status === 200 && result.data.response) {
          console.log(result);
          Auth.login(() => {
            this.props.history.push("/screens");
          ...

This is what happens when I run:

(这是我跑步时发生的情况：)

openssl s_client -connect <godaddy host>:443 -key 'server.key' -cert 'server.crt' 

CONNECTED(00000005)
---
Certificate chain
 0 s:OU = Domain Control Validated, CN = aqts655379k.com
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
 1 s:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
   i:C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
---
Server certificate
Server certificate
-----BEGIN CERTIFICATE-----
MIIGQzCCBSugAwIBAgIJANvQSPtAlkYyMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE5MTEzMDEzNTAyM1oX
DTIwMTEzMDA4MTAzN1owPTEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
dGVkMRgwFgYDVQQDEw9hcXRzNjU1Mzc5ay5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/sQsu+SEMu3TbaaCx96hw8A8YLjQehtm16t9cx5KOKOld
chA1rUVZXZq5LLbgXJ/11Ws4z+oqg8T7xmhUPB/sBbP0wd0/wyqAKzkCEfZndV52
Y4oc7+P0NVC5YSTyoMQ1/bx12+PcpkG0LTUbz0F91Z2ZuO/Cr9l3NaR07v35zhKC
aTDJVd1sSwJkRQ9StUXEpQD8M107vhRuBsPqR49qC0vbwXByzK1pC7DTrz2Z0HFR
l8u0d86M+HHZmn3n/vRfXA0PIW16enjLkdZIKMmidvCJmRCUUA6KSljhJz5nZuOF
G2IrsWUqW3AX7Dt8BL2WX/blToikbC5oiaezFoR5AgMBAAGjggLMMIICyDAMBgNV
HRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8B
Af8EBAMCBaAwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5nb2RhZGR5LmNv
bS9nZGlnMnMxLTE1NDcuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwEwOTA3
BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
c2l0b3J5LzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhho
dHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0
aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0j
BBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wLwYDVR0RBCgwJoIPYXF0czY1NTM3
OWsuY29tghN3d3cuYXF0czY1NTM3OWsuY29tMB0GA1UdDgQWBBTCriFH/fyxral7
BYLxnzTLClIEIDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AKS5CZC0GFgUh7sT
osxncAo8NZgE+RvfuON3zQ7IDdwQAAABbryTxeMAAAQDAEgwRgIhAJ2E4BRwFSUd
kxChyaNNt9rW8yUovUzHMJBGEm48FgKXAiEAxgo7kNBGm0wmQEUX7gxY6xG4pRLv
5T0JoUf31mCvEuYAdgBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAA
AW68k8a8AAAEAwBHMEUCIQC661NrwQ+pn9vG9F1Aw9rJrrlHldzPXmCOoeih8cQI
PwIgQaMQ1KAyVz8zI8wGoJ3S+snGHQq88N+oivNeeSggIQwwDQYJKoZIhvcNAQEL
BQADggEBALZuZ9oXPf8zazPGqiIZrok/zVi7DrimGKQfgVnbR3bE0IhYUFlbO/GN
eH/AcDgHnR8Rdb3t4sjD7pTe1jaD/Jrj0Pz3zhRXKh4l47ERQcRTUKqoNnHW/yxv
+pVHJ/wU/h+DVfAvKkMiIyPV/EbjZg5Vys09tzIDSSjA0n+l2BYq6JY7Z/SWf6QX
CZNsDocBW05Vf0Ot8LDswxgIf1hpw0x/icQj/wlgMdCRIlS46ai293r2A+TcFj5a
aSpcpIT7Yf6NJPOlMNhPiTABAkzb34iA47Ox4S0pFImLuBVqYDIw0kM+tM0pdKuB
nd0IIfQhBswJgpAr++R57vuggExKtxw=
-----END CERTIFICATE-----

subject=OU = Domain Control Validated, CN = <godaddy.host>

issuer=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2

---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3552 bytes and written 443 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: A1A0E86F59695161F06029EADB6F26C491F01A511A417CCCF07948F095139E3B
    Session-ID-ctx: 
    Master-Key: DAA60D38F7D74D553478FB3B74DE8F7BE315D003FBF3F6847F812CF25693CFC3EDDADB3F4A2A2D278F7239330E156D92
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - da 97 5d f6 a9 8a 2d 9b-a0 dd 6f 3c 65 58 11 55   ..]...-...o<eX.U
    0010 - c4 5d 24 c0 f3 03 6d 2e-16 75 9a 6f 9f 29 2d 4e   .]$...m..u.o.)-N
    0020 - 92 98 92 24 27 ab 92 2e-31 7d 83 26 70 ba c8 36   ...$'...1}.&p..6
    0030 - e6 86 62 58 2a e1 8a be-1c 08 d0 a2 30 e6 36 8c   ..bX*.......0.6.
    0040 - be b8 6d 5b 72 37 6b fd-32 f5 16 3b 0b 24 e1 10   ..m[r7k.2..;.$..
    0050 - 2d 71 f5 8d 1f bf d1 5a-74 2b d1 cd 1d ec f1 f9   -q.....Zt+......
    0060 - 6f b3 89 66 10 fa d3 bb-df cc cc 94 fa 61 2b 54   o..f.........a+T
    0070 - 0a 85 ac 0c f5 91 c8 53-06 a4 05 bc a8 bf 18 dc   .......S........
    0080 - 0f cc 71 46 5f af 23 fd-62 48 32 c8 95 20 8f bb   ..qF_.#.bH2.. ..
    0090 - f3 80 aa ca b0 cf 2e 5c-58 84 d9 65 e5 7e 57 a3   .......X..e.~W.
    00a0 - 09 99 98 72 91 77 21 a1-b9 3e a1 4e 4f 1b af 21   ...r.w!..>.NO..!
    00b0 - ff 02 97 71 90 b6 42 51-04 17 c3 e8 ca 8c 35 f9   ...q..BQ......5.
    00c0 - 33 07 ca 32 2f 9d c1 7e-59 52 37 db e0 c8 fa bf   3..2/..~YR7.....

    Start Time: 1575195127
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

The strange things are:

(奇怪的是：)

• on some devices/browsers I manage to go beyond the Submit button but then the redirected page /screens shows not secured, though certificate is valid

  (在某些设备/浏览器上，我设法超越了“提交”按钮，但是尽管证书有效，但重定向的页面/screens显示不安全)

• on other browsers I see in Python log - as if the godaddy now tries to validate my Python backend certificate?:

  (在其他浏览器上，我在Python日志中看到了-就像Godaddy现在尝试验证我的Python后端证书？：)

ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1076)
2019-12-01T09:59:25Z <Greenlet at 0x1a8fef

Answer 1

openssl s_client -connect <godaddy_host>:80 ...
... ssl3_get_record:wrong version number

You are connecting to the HTTP port (80) not to the HTTPS port (443).

(您正在连接到HTTP端口（80），而不是HTTPS端口（443）。)

No wonder it will fail with the TLS handshake.

(难怪它会因TLS握手而失败。)

But this has nothing to do with the error you get in your Python script since I'm pretty sure you don't use port 80 there.

(但这与您在Python脚本中收到的错误无关，因为我敢肯定您在那儿不使用端口80。)

net::ERR_CERT_COMMON_NAME_INVALID

(网路：: ERR_CERT_COMMON_NAME_INVALID)

This happens if the subject of the server certificate does not match the hostname you use to access the server in your code.

(如果服务器证书的主题与您用于在代码中访问服务器的主机名不匹配，则会发生这种情况。)

Since nothing about the server certificate and the code of your client is known I cannot be more specific where exactly the problem is.

(由于对服务器证书和客户端代码一无所知，因此我无法更确切地指出问题所在。)

gevent SSL with godaddy error: ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:1051)

(带有Godaddy错误的gevent SSL：ssl.SSLError：[SSL：SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3警报证书未知（_ssl.c：1051）)

The error message you show in the title is yet another one.

(您在标题中显示的错误消息是另一条错误消息。)

This suggests that the server is not accepting the client certificate you use.

(这表明服务器不接受您使用的客户端证书。)

Note that you cannot use arbitrary certificates as client certificate but must provide the ones accepted by the server.

(请注意，您不能使用任意证书作为客户端证书，而必须提供服务器接受的证书。)