部署V2Ray后WebSocket+TLS用Surge连接提示Invalid Certificate Chain

[PFbHzsiF]

使用TCP并且关掉TLS的情况下可以443与10443接口都可以连接成功。

根据V2Ray教程中的方案2: WebSocket 传输，使用 Nginx & SSL Support 反代 V2Ray，将V2Ray的Port修改为10443，然后依次安装Nginx Proxy与Nginx SSL Support。

再根据

"安装完了 Nginx 下面就可以自动生成 SSL 证书了，如果你要为指定域名生成证书需要进行下面>的操作。

如果你想创建其它应用并自动配置 Nginx 反代则在商店里面选择你想创建的应用

不管你选择了哪一步，则创建应用后在出现的配置界面中，都可以在下面看到一个 显示 Nginx 和 >SSL 选项 的按钮，打开后可以看到下面两部分的配置：

Custom Domain （自定义域名）

是配合 nginx 使用的，它告诉 nginx 遇到访问该域名的请求时，把请求转发（反向代理）给当前>应用。

Host: 要反向代理的域名，多个域名用半角逗号隔开（比如我们填入 hyperapp.io) Port: 这个 Port 是 Ghost 进程监听的 Port，一般情况下并不需要填，因为会自动探测该端口。 HTTPS: 这个是设置配置了HTTPS后怎么处理 HTTP 请求的，共有四个选项 将所有 HTTP 的请求跳转到 HTTPS 上（默认） 不跳转，让 HTTP 和 HTTPS 并存 禁用 HTTP 请求，所有 HTTP 请求将会被丢弃 禁用 HTTPS，只保留 HTTP SSL Support 配合 Nginx SSL Support 使用，当填入一个域名时它会使用 letsencrypt 自动请求并生成该域名的证书。

Host: 要生成证书的域名（默认会与上面的Nginx Host保持同步，所以如果填了上面的域名，此处会自动输入 hyperapp.io） Email: (必填) 用来管理域名证书的邮箱。 现在，只要在服务器上安装这个应用就可以了，等安装成功后，稍等两分钟你在浏览器中打开 https://你的域名 应该就可以访问了！你也可以查看 Nginx SSL Support 的日志，里面会有过程记录。证书生成后会默认保存在 /srv/docker/certs/ 目录下面（如果你没有改配置的话）。"

填写完并update Config之后稍等了一会，在浏览器输入https://域名 之后能看到502 Bad Gateway nginx/1.17.5，在HyperApp的Nginx SSL Support的状态里有显示certs saved to /srv/docker/certs, 手动进入对应文件夹后也能看到证书文件。此时Safari浏览器地址栏前方也有🔒。点开证书后显示的也确实是Let's Encrypt的证书。

但是这个时候修改Surge里的配置文件，使用WS+TLS连接443端口，Surge报错显示Invalid Certificate Chain。在手机上的shadowrocket尝试后同样无法访问Google。

看起来似乎最有可能的情况是Nginx并没有把443端口反代给V2Ray，但是我并不知道如何确认并解决这个问题，Nginx，V2Ray，Surge/Shadowrocket这三个地方我还需要做什么进一步的排查吗？

[PFbHzsiF]

`V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255 V2Ray 4.20.0 (V2Fly, a community-driven edition of V2Ray.) Custom A unified platform for anti-censorship. main: failed to read config file: /etc/v2ray/config.json > v2ray.com/core/main/json: failed to execute v2ctl to convert config file. > v2ray.com/core/common/platform/ctlcmd: failed to execute v2ctl: v2ray.com/core/infra/conf/command: failed to parse json config > v2ray.com/core/infra/conf/serial: failed to parse json config > v2ray.com/core/infra/conf: Failed to build TLS config. > v2ray.com/core/infra/conf: failed to parse certificate > open /certs/domains.crt: no such file or directory

exit status 255

上面是我uninstall掉V2Ray之后再重新Install之后的Log，似乎V2Ray并没有读取到crt证书文件，但是直接去SFTP查看的话文件又都是存在的

[kid101x]

我遇到的问题稍有不同，我是无法使用443，只能使用我自定义的端口号才能正常使用