SSL_DO_HANDSHAKE() FAILED SSL: ERROR:1408A0C1/14094418

background¶

The SSL certificate is about to expire. A colleague applied for a new SSL certificate to replace the old one, and reloaded Nginx.

error¶

SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking

SSL_do_handshake() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) while SSL handshaking

SSL_do_handshake() failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking

solution¶

N kinds of schemes were invalid after Googling, and finally I changed the certificate .pem to .crt and solved it successfully

# replace
ssl_certificate "*/*.pem"
　　
# to

ssl_certificate "*/*.crt"