HTTPS 配置完成但访问报 ERR_SSL_PROTOCOL_ERROR,求大佬指点

1Panel
1

大家好,遇到一个 HTTPS 问题,求助一下 :pray:

环境说明:

  • 系统:Debian 12
  • 域名:crm.xxx.com.cn
  • Web 服务:(Nginx / Apache / 其他)
  • HTTPS 端口:18081(非 443)
  • 证书:ACME 自动申请(DNS 验证,腾讯云 DNS)
  • 浏览器:Chrome / Edge

问题描述:

  • http://crm.xxx.com.cn:18081 访问正常
  • https://crm.xxx.com.cn:18081 无法访问
  • 浏览器报错:
ERR_SSL_PROTOCOL_ERROR

当前状态:

  • 证书申请已完成,无报错
  • 证书文件存在(fullchain.pemprivkey.pem
  • 服务已 reload / restart
  • 访问 HTTPS 时浏览器拿不到任何证书信息

已排查内容:

  • 域名解析正常
  • 18081 端口已监听
  • 防火墙未限制 18081(或已放行)
  • HTTP → HTTPS 跳转已关闭测试
  • 确认不是浏览器缓存问题

疑问 / 怀疑点:

  • 18081 端口是否实际上仍是 HTTP 服务
  • HTTPS 虚拟主机是否未正确绑定到 18081
  • TLS 协议或 listen 配置有问题
  • 实际监听服务与证书配置不匹配

我可以把完整的 Web 服务配置文件贴出来(监听端口、SSL 配置、证书路径等),希望有经验的朋友帮忙看看,非常感谢 :man_bowing:

ScreenShot_2026-02-09_173113_906
ScreenShot_2026-02-09_173113_9061263×1056 46.5 KB

ScreenShot_2026-02-09_173218_731
ScreenShot_2026-02-09_173218_7313840×525 118 KB

ScreenShot_2026-02-09_173158_131
ScreenShot_2026-02-09_173158_1313834×525 104 KB

server {
listen 18081 ssl ;
server_name crm.xxx.com.cn;
index index.php index.html index.htm default.php default.htm default.html;
access_log /www/sites/crm.xxx.com.cn/log/access.log main;
error_log /www/sites/crm.xx.com.cn/log/error.log;
location ~ ^/(.user.ini|.htaccess|.git|.env|.svn|.project|LICENSE|README.md) {
return 404;
}
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
if ( $uri ~ “^/.well-known/.*.(php|jsp|py|js|css|lua|ts|go|zip|tar.gz|rar|7z|sql|bak)$” ) {
return 403;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8081;
}
http2 on;
if ($scheme = http) {
return 301 https://$host:18081$request_uri;
}
ssl_certificate /www/sites/crm.xxx.com.cn/ssl/fullchain.pem;
ssl_certificate_key /www/sites/crm.xxx.com.cn/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
add_header Strict-Transport-Security “max-age=31536000; includeSubDomains”;
}

2

浏览器报 SSL 协议错误且 HTTP 能访问,说明端口目前跑的是 HTTP。请检查是否其他配置文件或 Docker 映射占用了 18081 端口,导致 SSL 配置未生效。

3

点一下重载配置,或者直接重启nginx

4

点过了,没用