The SSL certificate is about to expire. A colleague applied for a new SSL certificate to replace the old one, and reloaded Nginx.
SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking SSL_do_handshake() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) while SSL handshaking SSL_do_handshake() failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking
N kinds of schemes were invalid after Googling, and finally I changed the certificate .pem to .crt and solved it successfully
# replace ssl_certificate "*/*.pem" # to ssl_certificate "*/*.crt"