Cloudflare 返回无效的中间证书

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

• 请不要在回答技术问题时复制粘贴 AI 生成的内容

如题，今天无法在命令行访问自己的网站，故 curl https://blog.cxzlw.top，得到如下结果

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

随后 openssl s_client -connect blog.cxzlw.top:443 -showcerts 发现：

Certificate chain
 0 s:CN=cxzlw.top
   i:C=US, O=CLOUDFLARE, INC., CN=Cloudflare TLS Issuing ECC CA 1
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA256
   v:NotBefore: Jun 12 20:44:39 2025 GMT; NotAfter: Sep 10 20:50:19 2025 GMT
 1 s:C=US, O=CLOUDFLARE, INC., CN=Cloudflare TLS Issuing ECC CA 1
   i:C=US, O=SSL Corporation, CN=SSL.com TLS Transit ECC CA R2
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Oct 31 17:17:49 2023 GMT; NotAfter: Oct 28 17:17:48 2033 GMT
 2 s:C=US, O=SSL Corporation, CN=SSL.com TLS Transit ECC CA R2
   i:C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Jun 21 00:00:00 2024 GMT; NotAfter: Dec 31 23:59:59 2028 GMT

注意这里的 AAA Certificate Services 已经自今年 4 月 5 日被弃用 Enhancements to Root CA and Hierarchies - Sectigo

网络搜寻关键词 cloudflare AAA Certificate Services 发现类似情况

Cloudflare

SSL

certificate

14 条回复 • 2025-07-16 18:21:13 +08:00