问题[https](computer)

大约两个月以来，我无法访问我经常访问的一个网站。Firefox 显示以下消息：

未连接：潜在的安全问题

Firefox 检测到潜在的安全威胁，并且没有继续访问 xxxxx.com，因为该网站需要安全连接。

你能为这个做什么？

xxxxx.com 的安全策略为 HTTP 严格传输安全 (HSTS)，这意味着 Firefox 只能安全地连接到该网站。您无法添加例外来访问该网站。

问题很可能出在网站上，您无法解决。您可以将问题告知网站管理员。

网站通过证书证明其身份。Firefox 不信任此网站，因为它使用的证书对 xxxxx.com 无效。该证书仅对以下名称有效：*.a6z-dns.ovh、a6z-dns.ovh

错误代码：SSL_ERROR_BAD_CERT_DOMAIN

当我查看证书时，我看到以下内容：

该网站的证书不是由“Certainly”颁发的，并且名称“a6z-dns.ovh”与域名无关。

这是在我的主工作站上发生的。使用任何浏览器都会发生这种情况，即使是新安装的浏览器（编辑： Firefox、Chromium、Edge、Konqueror、Opera、Falkon、Midori）。从我的工作站上的 VM 和同一网络上的其他机器/设备内部查看网站没有问题。（编辑：这不是公司环境，我不使用任何 OVH Cloud 产品或服务。）

我检查了我的 DNS 设置，重新启动了工作站，尝试了所有我能想到的方法，但都无济于事。有人知道问题可能出在哪里吗？

编辑：根据以下评论提供更多信息：

问题出现之前安装的软件：openSUSE 更新、packman 更新、plexmediaserver、KDE-Extra 的 antiword 更新、KDE-Extra 的 recoll 更新。

我从来没有听说过 OVH Cloud dns。我使用的 dns 服务器是 10.0.0.10（我自己的私网服务器）和 google 的服务器。

我不是所讨论网络服务器的所有者或运营商。我没有给出名称，因为上次我发布这个问题时，它被移到了meta每个人都说“这不是我们的问题”的地方。如果你想知道，网站是stackoverflow.com。（这个启示最好不要再让这个问题被移到meta！）

这显然只会影响这一个工作站。

安装 Azure DevOps 服务器时，在网站设置<generate new self-signed certificate>中使用了该选项：

安装成功完成后，在服务器上浏览该站点似乎没问题：

但是从 Intranet 中的另一台计算机打开 DevOps 站点会显示以下警告：

“您与此站点的连接无效”

我根据 Microsoft 文档检查配置是否正确：为 Azure DevOps Server 配置 HTTPS。

我该如何解决这个问题以摆脱这个警告？

谢谢

我已经安装了Bundle::LWP，几分钟后我得到了这个

$ perl -MLWP -le "print(LWP->VERSION)"
6.68

听起来不错。但是，运行此脚本

#!/usr/bin/perl


# Example code from Chapter 1 of /Perl and LWP/ by Sean M. Burke

# http://www.oreilly.com/catalog/perllwp/

# [email protected]


require 5;

use strict;

use warnings;


use LWP;


my $browser = LWP::UserAgent->new();

my $response = $browser->get("http://www.oreilly.com/");

die "Couldn't access it: ", $response->status_line

 unless $response->is_success;

print $response->header("Server"), "\n";

__END__

给出这个错误：

$ perl a3.pl
Couldn't access it: 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed) at a3.pl line 25.

我该如何解决？

我正在创建一个使用 HTTPS 的安全网站。当 Chrome 访问它时，Chrome 报告了“您的连接不是私密的”错误。

然后我还是使用“高级”按钮访问该网站。

现在，当 Chrome 访问该网站时，它会自动打开该页面，同时仍会在 URL 左侧报告“不安全”。

但我希望 Chrome 在此网站出现“您的连接不是私密的”错误时停止。我如何通过 Chrome 的设置来实现这一点？我已尝试删除该网站的所有 cookie 并修改 Chrome 中的其他安全设置。谷歌没有向我展示如何执行此操作的说明。

在 Mac 上运行 Chrome 版本 102.0.5005.61（官方构建）（x86_64）。

我将 pihole 与 Quad9 DoH 的上游 DNS 服务器一起使用。上游 DNS 和 pihole 通过 docker 配置，docker-compose.yml file上游 DoH 服务器使用cloudflared服务。

version: "3.5"
networks:
   network-pihole:
     name: "dns-pihole"
     driver: bridge
     ipam:
       driver: default
       config:
         - subnet: 192.10.0.0/24    #Internal Docker Network between pihole and wirguard, bridged
  
  cloudflared:
    image: crazymax/cloudflared:latest
    container_name: cloudflared
    ports:
      - '5053:5053/udp'
      - '5053:5053/tcp'
    environment:
      - "TZ=Europe/Budapest"
      - "TUNNEL_DNS_UPSTREAM=https://9.9.9.9/dns-query,https://149.112.112.112/dns-query"
      # - "TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query"
    restart: unless-stopped
    networks:
      network-pihole:
        ipv4_address: 192.10.0.2

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      - "TZ=Europe/London"
      - "PIHOLE_DNS_=192.10.0.2#5053"
    dns:
      - 127.0.0.1
      - 9.9.9.9
    # Volumes store your data between container upgrades
    volumes:
      - "./etc-pihole/:/etc/pihole/"
      - "./etc-dnsmasq.d/:/etc/dnsmasq.d/"
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    networks:
      network-pihole:
        ipv4_address: 192.10.0.3

环境下的cloudflared服务内： . 我将TUNNEL_DNS_UPSTREAM=设置设置为https://9.9.9.9/dns-query,https://149.112.112.112/dns-query. 以及dns: to下的pihole服务。9.9.9.9

一切都很好，但是当我浏览到这个和这个cloudflare 检查器时，它说我没有使用 dns over https/secure dns：

但是，如果我使用 cloudflares DoH，我将TUNNEL_DNS_UPSTREAM=设置设置为dns: to下TUNNEL_DNS_UPSTREAM=https://1.1.1.1/dns-query,https://1.0.0.1/dns-query的pihole服务，然后再次运行两个 cloudflare 测试，它现在显示：Using DNS over HTTPS (DoH) yes and a green tick for secure dns。1.1.1.1

我不确定为什么这些测试不适用于 Quad9 DoH。还有其他方法可以验证我使用的是 Quad9 DoH 吗？

我什至不确定是否可以使用wireshark 查看数据包以查看dns 查询是否已加密？我对wirehshark很陌生，所以如果这是一种验证Quad9 DoH的方法，那么我不确定我在寻找什么。

这是一个奇怪的问题，（到目前为止）仅针对 plex.tv 网站。我从网络上的各种设备中看到了同样的问题。最终，简单地尝试在我的浏览器中访问https://plex.tv会导致与 TLS 证书相关的安全错误。经过进一步挖掘，似乎服务器为此站点提供了不正确的 TLS 证书（结果不一致）：

$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:ab:09:ea:f2:c6:3c:f2:d4:4f:60:63:b9:36:5b:40
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
        Validity
            Not Before: Oct 26 00:00:00 2021 GMT
            Not After : Nov 24 23:59:59 2022 GMT
        Subject: CN = *.prod-route-1bun4qeekg9pa-235394468.eu-west-1.convox.site
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:3e:04:76:d6:d5:53:73:f9:01:21:c0:b5:6f:
                    3c:07:82:43:c5:c5:43:ba:34:55:47:bc:0e:8b:b5:
                    ac:f8:70:23:c4:b1:5c:a9:54:ac:9e:f7:e7:a3:7a:
                    ff:bd:b7:d4:23:33:0b:5c:18:dc:71:2d:ff:e7:9d:
                    74:5e:28:03:e5:e6:55:de:07:79:9b:d3:80:43:95:
                    8a:9d:5e:97:33:61:b7:ce:4e:9f:ca:7c:c1:14:b5:
                    d1:97:aa:1a:96:45:a4:99:7f:8b:92:d0:34:68:a2:
                    56:d8:d7:c0:e1:4a:bf:4f:73:42:43:b0:31:66:53:
                    73:fb:b5:12:a6:a9:da:29:67:bc:b8:a1:0f:f0:ff:
                    1e:fc:92:ac:b4:fa:07:18:f5:a3:b4:19:b2:f4:53:
                    42:b6:aa:eb:a1:3b:4a:fa:e3:4a:86:84:fc:4a:b3:
                    a6:c8:fe:64:fa:9f:68:d5:ba:f4:17:63:54:44:7c:
                    03:57:3b:44:12:c8:ab:b8:e9:ab:28:09:ee:f1:9d:
                    fa:e2:dd:bd:e3:3c:d6:81:74:1f:6c:90:e0:8e:19:
                    b3:3c:ba:84:4d:76:6f:9b:a4:68:f9:2b:45:04:4b:
                    ba:d4:a4:10:e0:c5:f5:8d:c7:22:6a:31:9b:55:57:
                    b8:cf:4e:99:61:37:9a:76:7a:1f:db:eb:fc:dc:7f:
                    90:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:59:A4:66:06:52:A0:7B:95:92:3C:A3:94:07:27:96:74:5B:F9:3D:D0

            X509v3 Subject Key Identifier:
                13:8A:D5:41:DB:F8:09:44:45:58:09:2C:8A:60:AB:63:3A:5C:5E:41
            X509v3 Subject Alternative Name:
                DNS:*.prod-route-1bun4qeekg9pa-235394468.eu-west-1.convox.site
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.sca1b.amazontrust.com/sca1b-1.crl

            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1

            Authority Information Access:
                OCSP - URI:http://ocsp.sca1b.amazontrust.com
                CA Issuers - URI:http://crt.sca1b.amazontrust.com/sca1b.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
                                BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
                    Timestamp : Oct 26 09:27:20.701 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:C0:80:22:90:66:67:44:5D:F2:02:CC:
                                4F:B7:65:7A:B3:85:19:26:3D:1F:75:A1:1D:11:17:0D:
                                BC:E0:54:5E:EC:02:20:38:E9:B5:AB:13:75:98:CB:EF:
                                77:EB:65:24:DE:16:8F:3E:CF:3A:1A:53:ED:BB:4F:80:
                                7D:55:6D:16:55:5F:9D
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
                                7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
                    Timestamp : Oct 26 09:27:20.775 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:61:14:E9:12:D0:15:D7:BC:9D:A7:B5:DC:
                                23:DC:49:F1:11:C9:6C:9E:3D:D7:3E:2D:5B:13:57:3B:
                                10:EB:8A:77:02:20:32:E2:8F:B4:98:77:99:D8:6E:3B:
                                2B:84:E3:27:D8:9E:FF:E2:5C:95:B9:9F:2E:47:6F:93:
                                BD:12:20:CC:F7:CD
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:
                                4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
                    Timestamp : Oct 26 09:27:20.711 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:7A:28:AA:62:3E:A6:45:B3:43:98:AE:F7:
                                41:68:5C:BF:CD:90:E8:EB:00:B8:51:C0:69:08:F8:81:
                                AE:98:12:40:02:21:00:A5:EC:A7:4F:15:F2:4E:E2:8D:
                                95:19:70:EA:62:F6:4F:88:97:07:38:87:97:4B:53:25:
                                E0:CB:28:29:C0:19:B3
    Signature Algorithm: sha256WithRSAEncryption
         16:3f:02:df:0d:04:d4:fd:a4:d7:1b:71:ba:55:ec:3f:8f:2c:
         37:89:bb:83:1a:67:93:9b:cc:3a:e5:d2:8a:0a:02:ac:ee:f7:
         ed:05:64:11:0f:c5:6f:99:96:85:60:cc:b2:c2:4c:d4:47:db:
         8b:8a:25:9b:8d:30:ad:1c:e1:0d:e9:d4:c7:38:b3:a3:6c:a4:
         b9:25:20:55:fe:12:5d:5c:95:79:b2:55:f9:74:49:7c:83:20:
         b1:1e:e2:0e:2c:33:7d:87:ab:fb:ab:98:44:bd:2b:8c:13:8c:
         c7:f1:dc:1d:b3:1b:20:61:72:2d:b7:49:66:ea:be:7f:3a:7b:
         52:d5:ba:c6:77:0a:c6:6d:f6:07:dc:fa:78:18:ce:08:22:6a:
         95:1a:37:d2:b0:68:d8:f6:0f:0b:74:53:6f:fb:57:61:a2:9f:
         de:d3:26:8f:08:f4:d9:bc:6a:27:d8:fc:78:23:04:4a:b8:7c:
         c9:e9:ff:06:8d:88:2f:42:d7:d4:19:62:bd:ff:d1:7b:ea:26:
         de:be:d6:c0:bd:cc:dc:b8:2f:8e:b9:58:27:b2:e6:bb:60:08:
         90:a9:c3:37:98:55:b0:6f:9e:55:a0:57:81:f4:39:71:34:5b:
         b1:85:30:a7:0f:23:6b:59:b8:86:4e:05:5e:40:04:36:4b:1e:
         d9:4f:8b:11
-----BEGIN CERTIFICATE----- MIIGKzCCBROgAwIBAgIQAasJ6vLGPPLUT2BjuTZbQDANBgkqhkiG9w0BAQsFADBG MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIg Q0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMTEwMjYwMDAwMDBaFw0yMjExMjQy MzU5NTlaMEUxQzBBBgNVBAMMOioucHJvZC1yb3V0ZS0xYnVuNHFlZWtnOXBhLTIz NTM5NDQ2OC5ldS13ZXN0LTEuY29udm94LnNpdGUwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDQPgR21tVTc/kBIcC1bzwHgkPFxUO6NFVHvA6Ltaz4cCPE sVypVKye9+ejev+9t9QjMwtcGNxxLf/nnXReKAPl5lXeB3mb04BDlYqdXpczYbfO Tp/KfMEUtdGXqhqWRaSZf4uS0DRoolbY18DhSr9Pc0JDsDFmU3P7tRKmqdopZ7y4 oQ/w/x78kqy0+gcY9aO0GbL0U0K2quuhO0r640qGhPxKs6bI/mT6n2jVuvQXY1RE fANXO0QSyKu46asoCe7xnfri3b3jPNaBdB9skOCOGbM8uoRNdm+bpGj5K0UES7rU pBDgxfWNxyJqMZtVV7jPTplhN5p2eh/b6/zcf5CdAgMBAAGjggMUMIIDEDAfBgNV HSMEGDAWgBRZpGYGUqB7lZI8o5QHJ5Z0W/k90DAdBgNVHQ4EFgQUE4rVQdv4CURF WAksimCrYzpcXkEwRQYDVR0RBD4wPII6Ki5wcm9kLXJvdXRlLTFidW40cWVla2c5 cGEtMjM1Mzk0NDY4LmV1LXdlc3QtMS5jb252b3guc2l0ZTAOBgNVHQ8BAf8EBAMC BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2MDQwMqAw oC6GLGh0dHA6Ly9jcmwuc2NhMWIuYW1hem9udHJ1c3QuY29tL3NjYTFiLTEuY3Js MBMGA1UdIAQMMAowCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkwZzAtBggrBgEFBQcw AYYhaHR0cDovL29jc3Auc2NhMWIuYW1hem9udHJ1c3QuY29tMDYGCCsGAQUFBzAC hipodHRwOi8vY3J0LnNjYTFiLmFtYXpvbnRydXN0LmNvbS9zY2ExYi5jcnQwDAYD VR0TAQH/BAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAKXm+8J45OSHw VnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF8u+zzfQAABAMARzBFAiEAwIAikGZn RF3yAsxPt2V6s4UZJj0fdaEdERcNvOBUXuwCIDjptasTdZjL73frZSTeFo8+zzoa U+27T4B9VW0WVV+dAHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUA AAF8u+zzxwAABAMARjBEAiBhFOkS0BXXvJ2ntdwj3EnxEclsnj3XPi1bE1c7EOuK dwIgMuKPtJh3mdhuOyuE4yfYnv/iXJW5ny5Hb5O9EiDM980AdgBByMqx3yJGShDG oToJQodeTjGLGwPr60vHaPCQYpYG9gAAAXy77POHAAAEAwBHMEUCIHooqmI+pkWz Q5iu90FoXL/NkOjrALhRwGkI+IGumBJAAiEApeynTxXyTuKNlRlw6mL2T4iXBziH l0tTJeDLKCnAGbMwDQYJKoZIhvcNAQELBQADggEBABY/At8NBNT9pNcbcbpV7D+P LDeJu4MaZ5ObzDrl0ooKAqzu9+0FZBEPxW+ZloVgzLLCTNRH24uKJZuNMK0c4Q3p 1Mc4s6NspLklIFX+El1clXmyVfl0SXyDILEe4g4sM32Hq/urmES9K4wTjMfx3B2z GyBhci23SWbqvn86e1LVusZ3CsZt9gfc+ngYzggiapUaN9KwaNj2Dwt0U2/7V2Gi n97TJo8I9Nm8aifY/HgjBEq4fMnp/waNiC9C19QZYr3/0XvqJt6+1sC9zNy4L465 WCey5rtgCJCpwzeYVbBvnlWgV4H0OXE0W7GFMKcPI2tZuIZOBV5ABDZLHtlPixE=
-----END CERTIFICATE-----

再次运行相同的命令，我得到略有不同的结果：

$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:3c:cd:0c:d9:b4:37:2a:6a:b0:3d:c2:a6:5e:84:9b:27:70:2c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = [email protected]
        Validity
            Not Before: Feb 22 12:08:05 2021 GMT
            Not After : Mar 24 12:07:05 2022 GMT
        Subject: CN = *.bankersalmanac.com, O = LNRS Data Services Ltd, L = Sutton, ST = Surrey, C = GB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3a:5c:1a:07:d2:43:07:e6:4c:60:04:f7:88:
                    09:4e:1c:80:85:65:b3:52:f8:1a:e1:db:a9:f8:91:
                    e9:c4:da:d4:11:f7:e0:af:b3:02:ea:e5:b5:7b:48:
                    3b:c8:f6:21:4f:f4:f2:1c:c6:df:c7:e7:81:fb:b3:
                    6b:3f:ee:a9:78:a7:1b:15:f6:e2:be:08:92:97:f1:
                    97:39:49:4a:2c:78:60:c7:c2:c2:5d:77:8a:33:30:
                    6d:c1:1c:05:d7:7e:1b:52:e4:75:61:39:c4:a8:5d:
                    96:ab:ef:1d:56:d1:ff:35:f4:43:e2:81:ac:ce:ac:
                    7c:79:3d:2c:23:fd:cb:24:83:d3:f1:36:46:69:f9:
                    0e:ff:67:e0:b3:b3:38:ab:39:c3:43:36:2c:c0:22:
                    0b:fe:bb:1e:a7:e6:ae:d0:39:8b:e1:9d:98:d8:6f:
                    d3:3d:04:5b:45:e8:b2:a1:e6:15:7b:ef:4b:f5:0d:
                    c5:89:54:92:05:8a:24:14:52:cc:d5:66:3b:9d:8c:
                    d5:9f:7c:10:15:a8:8c:eb:57:e6:7b:c5:19:58:f2:
                    48:01:ee:36:d5:8d:9f:14:3c:26:ba:73:5c:09:68:
                    67:be:c2:c0:99:af:23:96:4f:18:2e:bc:b5:be:c1:
                    b3:23:b2:cb:5e:ec:0c:a9:0c:fe:7c:d0:bd:bb:d4:
                    84:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Subject Key Identifier:
                54:23:E1:8A:6D:76:AA:55:60:A4:00:DC:2B:CC:C4:7E:DE:3A:91:8B
            X509v3 Authority Key Identifier:
                keyid:CA:CE:1D:18:03:77:1E:1C:F3:7C:58:B2:9A:70:A8:08:80:16:F4:AE

            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: https://certs.securetrust.com/CA

            X509v3 Subject Alternative Name:
                DNS:*.bankersalmanac.com, DNS:bankersalmanac.com
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.securetrust.com/OVCA2_L1.crl

            Authority Information Access:
                OCSP - URI:http://ocsp.securetrust.com/
                CA Issuers - URI:http://certs.securetrust.com/issuers/OVCA2_L1.crt

            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 6F:53:76:AC:31:F0:31:19:D8:99:00:A4:51:15:FF:77:
                                15:1C:11:D9:02:C1:00:29:06:8D:B2:08:9A:37:D9:13
                    Timestamp : Feb 22 18:08:05.907 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:D1:76:7D:FF:E8:3F:BF:B5:02:BF:34:
                                A1:95:F9:64:FD:4D:F4:E9:66:6A:41:CD:C8:DB:1C:87:
                                44:37:12:D2:0E:02:21:00:FA:DA:55:1E:85:9C:5F:CF:
                                60:4A:38:B7:E1:88:A3:A1:5A:A8:BF:3E:B5:CD:CF:2B:
                                C5:5C:E2:84:B5:AD:B6:7C
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
                                BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
                    Timestamp : Feb 22 18:08:05.462 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:78:A7:23:96:7F:4A:5C:F2:3D:03:71:95:
                                89:88:4C:D8:02:65:6C:D7:0F:F3:30:E4:66:58:FA:73:
                                84:EA:E0:C6:02:20:4C:C4:A6:04:5F:B3:76:55:D4:A7:
                                C2:25:E1:EF:C7:0F:67:25:2D:08:A4:4C:55:91:C9:C8:
                                A1:B8:5F:91:E8:1C
    Signature Algorithm: sha256WithRSAEncryption
         9a:d0:31:15:2e:c8:d0:b4:63:22:8d:c1:b0:11:44:a3:13:8d:
         35:83:1a:5d:52:77:64:29:30:ae:03:fb:80:3a:de:9f:56:4b:
         18:a3:99:0a:ad:a4:a6:3e:bb:cf:69:bd:94:3d:35:42:18:6e:
         87:10:17:35:5f:a7:32:a8:95:50:d5:68:df:a8:82:52:db:71:
         ce:a5:b8:46:b4:bc:db:a6:c0:de:d1:41:25:bc:a5:cf:d8:80:
         d2:de:e0:36:ca:c1:ed:e8:4e:9b:26:2b:40:29:7b:be:4a:2e:
         52:9b:fe:19:a7:b3:41:01:f9:74:14:3b:2b:cb:2a:2d:9c:af:
         bb:8e:8c:43:0b:48:55:04:8b:37:a4:1b:27:3a:2b:92:e8:d0:
         42:6d:fb:0a:68:be:fe:8c:71:0e:a2:05:6d:b7:49:7e:75:b6:
         d7:dd:42:35:48:e6:00:30:40:7c:66:6b:6b:94:e8:4a:c5:28:
         30:28:10:d2:c4:71:61:e8:59:22:d7:b9:53:ab:57:29:4c:22:
         35:6e:9b:e1:e8:d7:b3:36:48:8c:94:24:ac:f3:e4:13:75:11:
         be:c1:ca:93:0c:18:da:ac:9d:a2:21:1b:6a:ee:dd:de:ed:55:
         95:fc:34:9b:94:b3:d8:4c:f1:05:dc:b1:37:1c:21:a9:7b:83:
         a7:99:d7:36
-----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgITBzzNDNm0NypqsD3Cpl6EmydwLDANBgkqhkiG9w0BAQsF
ADCBtTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdD
aGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIEluYy4xPTA7BgNV
BAMTNFRydXN0d2F2ZSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBTSEEyNTYgQ0Es
IExldmVsIDExHzAdBgkqhkiG9w0BCQEWEGNhQHRydXN0d2F2ZS5jb20wHhcNMjEw
MjIyMTIwODA1WhcNMjIwMzI0MTIwNzA1WjBvMR0wGwYDVQQDDBQqLmJhbmtlcnNh
bG1hbmFjLmNvbTEfMB0GA1UEChMWTE5SUyBEYXRhIFNlcnZpY2VzIEx0ZDEPMA0G
A1UEBxMGU3V0dG9uMQ8wDQYDVQQIEwZTdXJyZXkxCzAJBgNVBAYTAkdCMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DpcGgfSQwfmTGAE94gJThyAhWWz
Uvga4dup+JHpxNrUEffgr7MC6uW1e0g7yPYhT/TyHMbfx+eB+7NrP+6peKcbFfbi
vgiSl/GXOUlKLHhgx8LCXXeKMzBtwRwF134bUuR1YTnEqF2Wq+8dVtH/NfRD4oGs
zqx8eT0sI/3LJIPT8TZGafkO/2fgs7M4qznDQzYswCIL/rsep+au0DmL4Z2Y2G/T
PQRbReiyoeYVe+9L9Q3FiVSSBYokFFLM1WY7nYzVn3wQFaiM61fme8UZWPJIAe42
1Y2fFDwmunNcCWhnvsLAma8jlk8YLry1vsGzI7LLXuwMqQz+fNC9u9SE5wIDAQAB
o4ICtjCCArIwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdDgQWBBRUI+GKbXaqVWCkANwrzMR+
3jqRizAfBgNVHSMEGDAWgBTKzh0YA3ceHPN8WLKacKgIgBb0rjBDBgNVHSAEPDA6
MDgGBmeBDAECAjAuMCwGCCsGAQUFBwIBFiBodHRwczovL2NlcnRzLnNlY3VyZXRy
dXN0LmNvbS9DQTAzBgNVHREELDAqghQqLmJhbmtlcnNhbG1hbmFjLmNvbYISYmFu
a2Vyc2FsbWFuYWMuY29tMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc2Vj
dXJldHJ1c3QuY29tL09WQ0EyX0wxLmNybDB3BggrBgEFBQcBAQRrMGkwKAYIKwYB
BQUHMAGGHGh0dHA6Ly9vY3NwLnNlY3VyZXRydXN0LmNvbS8wPQYIKwYBBQUHMAKG
MWh0dHA6Ly9jZXJ0cy5zZWN1cmV0cnVzdC5jb20vaXNzdWVycy9PVkNBMl9MMS5j
cnQwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdwBvU3asMfAxGdiZAKRRFf93FRwR
2QLBACkGjbIImjfZEwAAAXfK7U8TAAAEAwBIMEYCIQDRdn3/6D+/tQK/NKGV+WT9
TfTpZmpBzcjbHIdENxLSDgIhAPraVR6FnF/PYEo4t+GIo6FaqL8+tc3PK8Vc4oS1
rbZ8AHUAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF3yu1NVgAA
BAMARjBEAiB4pyOWf0pc8j0DcZWJiEzYAmVs1w/zMORmWPpzhOrgxgIgTMSmBF+z
dlXUp8Il4e/HD2clLQikTFWRycihuF+R6BwwDQYJKoZIhvcNAQELBQADggEBAJrQ
MRUuyNC0YyKNwbARRKMTjTWDGl1Sd2QpMK4D+4A63p9WSxijmQqtpKY+u89pvZQ9
NUIYbocQFzVfpzKolVDVaN+oglLbcc6luEa0vNumwN7RQSW8pc/YgNLe4DbKwe3o
TpsmK0Ape75KLlKb/hmns0EB+XQUOyvLKi2cr7uOjEMLSFUEizekGyc6K5Lo0EJt
+wpovv6McQ6iBW23SX51ttfdQjVI5gAwQHxma2uU6ErFKDAoENLEcWHoWSLXuVOr
VylMIjVum+Ho17M2SIyUJKzz5BN1Eb7BypMMGNqsnaIhG2ru3d7tVZX8NJuUs9hM
8QXcsTccIal7g6eZ1zY=
-----END CERTIFICATE-----

更简洁地说，这应该希望能更好地突出我看到的问题：

$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: CN = *.bankersalmanac.com, O = LNRS Data Services Ltd, L = Sutton, ST = Surrey, C = GB
$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: CN = *.bankersalmanac.com, O = LNRS Data Services Ltd, L = Sutton, ST = Surrey, C = GB
$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: CN = *.prod-route-1bun4qeekg9pa-235394468.eu-west-1.convox.site
$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: CN = *.bankersalmanac.com, O = LNRS Data Services Ltd, L = Sutton, ST = Surrey, C = GB
$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: CN = *.prod-route-1bun4qeekg9pa-235394468.eu-west-1.convox.site
$ openssl s_client -servername plex.tv -connect plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: CN = *.bankersalmanac.com, O = LNRS Data Services Ltd, L = Sutton, ST = Surrey, C = GB

为什么访问 plex.tv 域时会提供 bankalmanac.com 和 convox.site TLS 证书？另外，如果我使用 www 子域，我会得到正确的结果：

$ openssl s_client -servername www.plex.tv -connect www.plex.tv:443 2>/dev/null </dev/null | openssl x509 -text| grep 'Subject:'
        Subject: C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = plex.tv

我的本地 ISP（康卡斯特）和 plex.tv 服务器（Cloudflare？AWS？）之间似乎发生了一些奇怪的事情。有谁知道这里发生了什么？我会直接联系 Plex 团队，但我显然无法访问他们的支持论坛来发布这个问题。

今天突然所有的 HTTPS 请求，我的 Ubuntu 14 服务器使用 Let's Encrypt 颁发的 SSL 证书发送到网站，开始失败。cURL 产生的错误是：

curl: (60) SSL certificate problem: certificate has expired

当我使用此命令检查网站证书时：

echo -n | openssl s_client -showcerts -connect website.com:443 -servername website.com

我看到所有证书链都是最新的。

那么为什么我会收到过期错误？如何解决？

注意：这不是如何在 Chrome 中停止从“http://”到“https://”的自动重定向的重复

在 Windows 7 上的 Chrome 93 中：

• 我浏览到http://example.net/a
• Chrome在地址栏中隐藏了协议，所以我只看到“example.net/a”
• 我将 URL 编辑为“example.net/b”
• 这将我带到http://example.net/b而我预计会去http://example.net/b

有没有办法禁用这种极其烦人的行为？

请注意，这里没有 HSTS - 如果我在 chrome://net-internals/#hsts 下查询“example.net”，它会显示“未找到”。即使在没有任何扩展的隐身模式下也会发生这种情况。在 Firefox 中不会发生。

截至昨天，在更新我的 Debian 10+bpo 系统后，每当我尝试git clone,git fetch或任何其他依赖网络的 git 操作时，我都会得到fatal: unable to access 'https://domain.example/repo.git': Failed sending HTTP2 data或fatal: unable to access 'https://domain.example/repo.git': Failed sending HTTP request，这取决于 git 服务器是否支持 HTTP2。有趣的是，如果我使用git://or ssh 方案而不是https://，命令会成功，可能是因为curl没有使用。我尝试禁用 SSL 验证，git config --global http.sslVerify false但无济于事。我也尝试重新安装libcurl, libgnutls,libnettle和libhogweed，但这也无济于事。将git 从降级1:2.29.2-1~bpo10+1到1:2.20.1-2+deb10u3也没有用，我正在努力在不破坏系统的情况下降级库。

GIT_CURL_VERBOSE=1 GIT_TRACE2=1 git clone https://github.com/imageworks/pystring.git/（对于 HTTP2）的输出：

14:48:42.804049 common-main.c:48                  version 2.29.2
14:48:42.804073 common-main.c:49                  start git clone https://github.com/imageworks/pystring.git/
14:48:42.804104 git.c:445                         cmd_name clone (clone)
14:48:42.804316 repository.c:130                  worktree /home/user/apps/blender-git/pystring
Cloning into 'pystring'...
14:48:42.807866 run-command.c:735                 child_start[0] git remote-https origin https://github.com/imageworks/pystring.git/
14:48:42.809068 common-main.c:48                  version 2.29.2
14:48:42.809107 common-main.c:49                  start /usr/lib/git-core/git remote-https origin https://github.com/imageworks/pystring.git/
14:48:42.809171 git.c:723                         cmd_name _run_dashed_ (clone/_run_dashed_)
14:48:42.809181 run-command.c:735                 child_start[0] git-remote-https origin https://github.com/imageworks/pystring.git/
14:48:42.813549 common-main.c:48                  version 2.29.2
14:48:42.813565 common-main.c:49                  start /usr/lib/git-core/git-remote-https origin https://github.com/imageworks/pystring.git/
14:48:42.813642 repository.c:130                  worktree /home/user/apps/blender-git
14:48:42.813660 remote-curl.c:1482                cmd_name remote-curl (clone/_run_dashed_/remote-curl)
14:48:42.813992 http.c:756              == Info: Couldn't find host github.com in the .netrc file; using defaults
14:48:42.817012 http.c:756              == Info:   Trying 52.64.108.95:443...
14:48:42.848824 http.c:756              == Info: Connected to github.com (52.64.108.95) port 443 (#0)
14:48:42.872164 http.c:756              == Info: found 414 certificates in /etc/ssl/certs
14:48:42.872268 http.c:756              == Info: ALPN, offering h2
14:48:42.872274 http.c:756              == Info: ALPN, offering http/1.1
14:48:42.905343 http.c:756              == Info: SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
14:48:42.905367 http.c:756              == Info:         server certificate verification SKIPPED
14:48:42.905374 http.c:756              == Info:         server certificate status verification SKIPPED
14:48:42.905614 http.c:756              == Info:         common name: github.com (matched)
14:48:42.905624 http.c:756              == Info:         server certificate expiration date OK
14:48:42.905649 http.c:756              == Info:         server certificate activation date OK
14:48:42.905664 http.c:756              == Info:         certificate public key: EC/ECDSA
14:48:42.905669 http.c:756              == Info:         certificate version: #3
14:48:42.905715 http.c:756              == Info:         subject: C=US,ST=California,L=San Francisco,O=GitHub\, Inc.,CN=github.com
14:48:42.905743 http.c:756              == Info:         start date: Thu, 25 Mar 2021 00:00:00 GMT
14:48:42.905749 http.c:756              == Info:         expire date: Wed, 30 Mar 2022 23:59:59 GMT
14:48:42.905770 http.c:756              == Info:         issuer: C=US,O=DigiCert\, Inc.,CN=DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1
14:48:42.905787 http.c:756              == Info: ALPN, server accepted to use h2
14:48:42.905827 http.c:756              == Info: Using HTTP2, server supports multi-use
14:48:42.905832 http.c:756              == Info: Connection state changed (HTTP/2 confirmed)
14:48:42.905838 http.c:756              == Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
14:48:42.905848 http.c:756              == Info: Failed sending HTTP2 data
14:48:42.905857 http.c:756              == Info: Connection #0 to host github.com left intact
14:48:42.905923 usage.c:64                        error unable to access 'https://github.com/imageworks/pystring.git/': Failed sending HTTP2 data
fatal: unable to access 'https://github.com/imageworks/pystring.git/': Failed sending HTTP2 data
14:48:42.905937 usage.c:68                        exit elapsed:0.092565 code:128
14:48:42.905944 trace2/tr2_tgt_normal.c:123       atexit elapsed:0.092574 code:128
14:48:42.906771 run-command.c:990                 child_exit[0] pid:83401 code:128 elapsed:0.097579
14:48:42.906805 git.c:745                         exit elapsed:0.097976 code:128
14:48:42.906834 trace2/tr2_tgt_normal.c:123       atexit elapsed:0.098004 code:128
14:48:42.907086 transport-helper.c:581            exit elapsed:0.103296 code:128
14:48:42.907580 trace2/tr2_tgt_normal.c:123       atexit elapsed:0.103794 code:128

GIT_CURL_VERBOSE=1 GIT_TRACE2=1 git clone https://git.blender.org/blender.git（对于 HTTP1）的输出：

14:52:36.744018 common-main.c:48                  version 2.29.2
14:52:36.744038 common-main.c:49                  start git clone https://git.blender.org/blender.git
14:52:36.744051 git.c:445                         cmd_name clone (clone)
14:52:36.744198 repository.c:130                  worktree /home/user/apps/blender
Cloning into 'blender'...
14:52:36.747829 run-command.c:735                 child_start[0] git remote-https origin https://git.blender.org/blender.git
14:52:36.749130 common-main.c:48                  version 2.29.2
14:52:36.749146 common-main.c:49                  start /usr/lib/git-core/git remote-https origin https://git.blender.org/blender.git
14:52:36.749209 git.c:723                         cmd_name _run_dashed_ (clone/_run_dashed_)
14:52:36.749221 run-command.c:735                 child_start[0] git-remote-https origin https://git.blender.org/blender.git
14:52:36.753056 common-main.c:48                  version 2.29.2
14:52:36.753068 common-main.c:49                  start /usr/lib/git-core/git-remote-https origin https://git.blender.org/blender.git
14:52:36.753138 repository.c:130                  worktree /home/user/apps
14:52:36.753164 remote-curl.c:1482                cmd_name remote-curl (clone/_run_dashed_/remote-curl)
14:52:36.753479 http.c:756              == Info: Couldn't find host git.blender.org in the .netrc file; using defaults
14:52:36.976470 http.c:756              == Info:   Trying 82.94.226.105:443...
14:52:37.283163 http.c:756              == Info: Connected to git.blender.org (82.94.226.105) port 443 (#0)
14:52:37.316727 http.c:756              == Info: found 414 certificates in /etc/ssl/certs
14:52:37.316825 http.c:756              == Info: ALPN, offering h2
14:52:37.316835 http.c:756              == Info: ALPN, offering http/1.1
14:52:38.205929 http.c:756              == Info: SSL connection using TLS1.3 / ECDHE_RSA_AES_256_GCM_SHA384
14:52:38.205945 http.c:756              == Info:         server certificate verification SKIPPED
14:52:38.205950 http.c:756              == Info:         server certificate status verification SKIPPED
14:52:38.206028 http.c:756              == Info:         common name: git.blender.org (matched)
14:52:38.206035 http.c:756              == Info:         server certificate expiration date OK
14:52:38.206039 http.c:756              == Info:         server certificate activation date OK
14:52:38.206048 http.c:756              == Info:         certificate public key: RSA
14:52:38.206052 http.c:756              == Info:         certificate version: #3
14:52:38.206061 http.c:756              == Info:         subject: CN=git.blender.org
14:52:38.206068 http.c:756              == Info:         start date: Sat, 10 Apr 2021 21:01:12 GMT
14:52:38.206073 http.c:756              == Info:         expire date: Fri, 09 Jul 2021 21:01:12 GMT
14:52:38.206087 http.c:756              == Info:         issuer: C=US,O=Let's Encrypt,CN=R3
14:52:38.206097 http.c:756              == Info: ALPN, server accepted to use http/1.1
14:52:38.206119 http.c:756              == Info: Failed sending HTTP request
14:52:38.206127 http.c:756              == Info: Connection #0 to host git.blender.org left intact
14:52:38.206200 usage.c:64                        error unable to access 'https://git.blender.org/blender.git/': Failed sending HTTP request
fatal: unable to access 'https://git.blender.org/blender.git/': Failed sending HTTP request
14:52:38.206216 usage.c:68                        exit elapsed:1.453319 code:128
14:52:38.206223 trace2/tr2_tgt_normal.c:123       atexit elapsed:1.453328 code:128
14:52:38.207093 run-command.c:990                 child_exit[0] pid:85831 code:128 elapsed:1.457863
14:52:38.207131 git.c:745                         exit elapsed:1.458262 code:128
14:52:38.207140 trace2/tr2_tgt_normal.c:123       atexit elapsed:1.458288 code:128
14:52:38.207310 transport-helper.c:581            exit elapsed:1.463514 code:128
14:52:38.207751 trace2/tr2_tgt_normal.c:123       atexit elapsed:1.463956 code:128

输出GIT_TRACE2=1 git clone git://github.com/imageworks/pystring.git/：

13:30:27.152552 common-main.c:48                  version 2.29.2
13:30:27.152566 common-main.c:49                  start git clone git://github.com/imageworks/pystring.git/
13:30:27.152577 git.c:445                         cmd_name clone (clone)
13:30:27.152720 repository.c:130                  worktree /home/user/apps/pystring
Cloning into 'pystring'...
13:30:28.360314 run-command.c:735                 child_start[0] git index-pack --stdin -v --fix-thin '--keep=fetch-pack 36506 on wsmb-3fd4' --check-self-contained-and-connected
remote: Enumerating objects: 130, done.
remote: Counting objects: 100% (7/7), done.
remote: Compressing objects: 100% (7/7), done.
13:30:28.361412 common-main.c:48                  version 2.29.2
13:30:28.361444 common-main.c:49                  start /usr/lib/git-core/git index-pack --stdin -v --fix-thin '--keep=fetch-pack 36506 on wsmb-3fd4' --check-self-contained-and-connected
13:30:28.361509 repository.c:130                  worktree /home/user/apps
13:30:28.361581 git.c:445                         cmd_name index-pack (clone/index-pack)
remote: Total 130 (delta 2), reused 3 (delta 0), pack-reused 123
Receiving objects: 100% (130/130), 65.18 KiB | 314.00 KiB/s, done.
Resolving deltas: 100% (64/64), done.
13:30:28.781387 git.c:700                         exit elapsed:0.420193 code:0
13:30:28.781400 trace2/tr2_tgt_normal.c:123       atexit elapsed:0.420211 code:0
13:30:28.781752 run-command.c:990                 child_exit[0] pid:36528 code:0 elapsed:0.421436
13:30:28.781939 run-command.c:735                 child_start[1] git rev-list --objects --stdin --not --all --quiet --alternate-refs '--progress=Checking connectivity'
13:30:28.783078 common-main.c:48                  version 2.29.2
13:30:28.783095 common-main.c:49                  start /usr/lib/git-core/git rev-list --objects --stdin --not --all --quiet --alternate-refs '--progress=Checking connectivity'
13:30:28.783143 repository.c:130                  worktree /home/user/apps
13:30:28.783205 git.c:445                         cmd_name rev-list (clone/rev-list)
13:30:28.783479 git.c:700                         exit elapsed:0.000614 code:0
13:30:28.783486 trace2/tr2_tgt_normal.c:123       atexit elapsed:0.000623 code:0
13:30:28.783702 run-command.c:990                 child_exit[1] pid:36533 code:0 elapsed:0.001763
13:30:28.787864 git.c:700                         exit elapsed:1.635530 code:0
13:30:28.787898 trace2/tr2_tgt_normal.c:123       atexit elapsed:1.635567 code:0

输出ldd /usr/bin/git：

    linux-vdso.so.1 (0x00007ffcc67ae000)
    libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f320a759000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f320a53b000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f320a51a000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f320a510000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f320a34f000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f320ab93000)

清除我的gitconfig也无济于事。

在这一点上，我不知所措，不确定我是否需要更改某些内容或只是等待 git/curl 维护人员解决此问题。

关于 chaim.pem 文件的一般问题；我使用从我的主机获得的 csr，并使用 LetsEncrypt 的 Certbot 生成 https 证书；我使用了以下命令

$ certbot certonly --manual --csr file-with-my-csr.txt

certbot产生了3个文件0000_cert.pem、0000_chain.pem、0001_chain.pem；然后我使用 cert.pem 文件将证书安装回我的主机；一切都很顺利。

我的问题是“链”文件的用途是什么，因为我没有在任何地方使用它们；它们在什么场景下有用？