13723778149 opened a new issue, #11983:
URL: https://github.com/apache/apisix/issues/11983

   ### Description
   
   Refer to the apisix help document https://apisix.apache.org/docs/apisix/certificate/ to add the apisix certificate and confirm that the certificate exists. Verification of port 9443 fails. Execute the following command:
   1. Create an SSL object with the certificate and key valid for the SNI: 
   [root@jinzhong_server 03:39:36 /usr/local/apisix-3.11.0]$ curl http://127.0.0.1:9180/apisix/admin/ssls/1 \
   > -H "X-API-KEY: uvnjxlbtGHaOwVbdTsplvFsxtZIstTai" -X PUT -d '
   > {
   >      "cert" : "'"$(cat /usr/local/apisix/ssl/apisix.xingdong.sh.cn.crt)"'",
   >      "key": "'"$(cat /usr/local/apisix/ssl/apisix.xingdong.sh.cn.key)"'",
   >      "snis": ["apisix.xingdong.sh.cn"]
   > }'
   {"key":"/apisix/ssls/1","value":{"cert":"
   .... ...
   "create_time":1740040806,"type":"server"}} 
   2. Create a Router object:
   [root@jinzhong_server 03:40:06 /usr/local/apisix-3.11.0]$ curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: uvnjxlbtGHaOwVbdTsplvFsxtZIstTai" -X PUT -i -d '
   > {
   >     "uri": "/get",
   >     "hosts": ["apisix.xingdong.sh.cn"],
   >     "methods": ["GET"],
   >     "upstream": {
   >         "type": "roundrobin",
   >         "nodes": {
   >             "apisix.xingdong.sh.cn:9443": 1
   >         }
   >     }
   > }'
   HTTP/1.1 201 Created
   Date: Thu, 20 Feb 2025 08:40:38 GMT
   Content-Type: application/json
   Transfer-Encoding: chunked
   Connection: keep-alive
   Server: APISIX/3.11.0
   Access-Control-Allow-Origin: *
   Access-Control-Allow-Credentials: true
   Access-Control-Expose-Headers: *
   Access-Control-Max-Age: 3600
   X-API-VERSION: v3
   
   
{"key":"/apisix/routes/1","value":{"update_time":1740040838,"create_time":1740040838,"uri":"/get","priority":0,"hosts":["apisix.xingdong.sh.cn"],"status":1,"upstream":{"hash_on":"vars","pass_host":"pass","nodes":{"apisix.xingdong.sh.cn:9443":1},"scheme":"http","type":"roundrobin"},"id":"1","methods":["GET"]}}
   
   3. Send a request to verify:
   [root@jinzhong_server 03:41:44 /usr/local/apisix-3.11.0]$ curl --resolve 'apisix.xingdong.sh.cn:9443:127.0.0.1' https://apisix.xingdong.sh.cn:9443/get -k -vvv
   * Added apisix.xingdong.sh.cn:9443:127.0.0.1 to DNS cache
   * About to connect() to apisix.xingdong.sh.cn port 9443 (#0)
   *   Trying 127.0.0.1...
   * Connected to apisix.xingdong.sh.cn (127.0.0.1) port 9443 (#0)
   * Initializing NSS with certpath: sql:/etc/pki/nssdb
   * skipping SSL peer certificate verification
   * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
   * Server certificate:
   *    subject: CN=apisix.xingdong.sh.cn
   *    start date: Feb 19 00:00:00 2025 GMT
   *    expire date: May 20 23:59:59 2025 GMT
   *    common name: apisix.xingdong.sh.cn
   *    issuer: CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US
   > GET /get HTTP/1.1
   > User-Agent: curl/7.29.0
   > Host: apisix.xingdong.sh.cn:9443
   > Accept: */*
   > 
   < HTTP/1.1 400 Bad Request
   < Content-Type: text/html; charset=utf-8
   < Content-Length: 327
   < Connection: keep-alive
   < Date: Thu, 20 Feb 2025 08:41:51 GMT
   < Server: APISIX/3.11.0
   < 
   <html>
   <head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
   <body>
   <center><h1>400 Bad Request</h1></center>
   <center>The plain HTTP request was sent to HTTPS port</center>
   <hr><center>openresty</center>
   <p><em>Powered by <a href="https://apisix.apache.org/">APISIX</a>.</em></p></body>
   </html>
   * Connection #0 to host apisix.xingdong.sh.cn left intact
   
   
   I don't quite understand where the problem lies. Are there any ideas for troubleshooting and solving it?
   
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.11.0
   - Operating system (run `uname -a`): Linux jinzhong_server 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): nginx version: openresty/1.25.3.2
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): {"version":"3.11.0","id":"2de91370-3232-4aa2-8d54-06aa8a271e73","boot_time":1740034391,"etcd_version":"3.5.0","hostname":"jinzhong_server"}
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`): /usr/local/bin/luarocks 3.8.0
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

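The route object returned in step 2 shows `"scheme":"http"` with the upstream node `apisix.xingdong.sh.cn:9443`, which is consistent with the gateway completing the TLS handshake with curl and then forwarding plain HTTP to an HTTPS port. The check below is an added example, not part of the original issue or of APISIX; it flags that pattern in a route object. `GATEWAY_TLS_PORTS`, `iter_nodes` and `audit_route` are hypothetical names, and the embedded route is a trimmed copy of the one on the page.

```python
import json

# Trimmed copy of the route object the Admin API returned in step 2 of the issue.
ROUTE_RESPONSE = """
{"key": "/apisix/routes/1",
 "value": {"uri": "/get", "hosts": ["apisix.xingdong.sh.cn"], "methods": ["GET"],
           "upstream": {"scheme": "http", "pass_host": "pass", "type": "roundrobin",
                        "nodes": {"apisix.xingdong.sh.cn:9443": 1}}}}
"""

# Assumption: ports on which the gateway itself terminates TLS (9443 in the issue).
GATEWAY_TLS_PORTS = {9443}
PLAINTEXT_SCHEMES = {"http", "grpc"}


def iter_nodes(upstream):
    """Yield (host, port) for the map form and the list form of upstream nodes."""
    nodes = upstream.get("nodes") or {}
    if isinstance(nodes, dict):                      # {"host:port": weight}
        for addr in nodes:
            host, sep, port = addr.rpartition(":")
            yield (host, int(port)) if sep and port.isdigit() else (addr, None)
    else:                                            # [{"host": ..., "port": ...}]
        for node in nodes:
            yield node["host"], node.get("port")


def audit_route(route, tls_ports=GATEWAY_TLS_PORTS):
    """Return findings that would explain the 400 response seen in step 3."""
    findings = []
    upstream = route.get("upstream") or {}
    scheme = upstream.get("scheme", "http")          # APISIX defaults to "http"
    route_hosts = set(route.get("hosts") or [])
    if route.get("host"):
        route_hosts.add(route["host"])
    for host, port in iter_nodes(upstream):
        if port not in tls_ports:
            continue
        if scheme in PLAINTEXT_SCHEMES:
            findings.append(f"{host}:{port}: scheme '{scheme}' sends plaintext to a TLS port")
        if host in route_hosts:
            findings.append(f"{host}:{port}: node is the route's own host; may loop to the gateway")
    return findings


if __name__ == "__main__":
    for finding in audit_route(json.loads(ROUTE_RESPONSE)["value"]):
        print("FINDING:", finding)
```

Both findings fire for the route in the issue; a route whose upstream points at the real backend service, with `scheme` matching what that backend speaks, produces none.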