An error is reported after the ssl certificate is installed, indicating that there is no common algorithm for both parties.

1. Follow the article http://www.williamlong.info/a., and the result shows an error: replacement of a new ssl certificate still shows an error.

the following is the httpd-ssl.conf code, file path / opt/lampp/etc/extra/httpd-ssl.conf

This is the Apache server configuration file providing SSL support.
-sharp It contains the configuration directives to instruct the server how to
-sharp serve pages over an https connection. For detailed information about these 
-sharp directives see <URL:http://httpd.apache.org/docs/trunk/mod/mod_ssl.html>
-sharp 
-sharp Do NOT simply read the instructions in here without understanding
-sharp what they do.  They"re here only as hints or reminders.  If you are unsure
-sharp consult the online docs. You have been warned.  
-sharp
-sharp Required modules: mod_log_config, mod_setenvif, mod_ssl,
-sharp          socache_shmcb_module (for default value of SSLSessionCache)

-sharp
-sharp Pseudo Random Number Generator (PRNG):
-sharp Configure one or more sources to seed the PRNG of the SSL library.
-sharp The seed data should be of good random quality.
-sharp WARNING! On some platforms /dev/random blocks if not enough entropy
-sharp is available. This means you then cannot use the /dev/random device
-sharp because it would lead to very long connection times (as long as
-sharp it requires to make more entropy available). But usually those
-sharp platforms additionally provide a /dev/urandom device which doesn"t
-sharp block. So, if available, use this one instead. Read the mod_ssl User
-sharp Manual for more details.
-sharp
-sharpSSLRandomSeed startup file:/dev/random  512
-sharpSSLRandomSeed startup file:/dev/urandom 512
-sharpSSLRandomSeed connect file:/dev/random  512
-sharpSSLRandomSeed connect file:/dev/urandom 512


-sharp
-sharp When we also provide SSL we have to listen to the 
-sharp standard HTTP port (see above) and to the HTTPS port
-sharp
-sharp Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-sharp       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
-sharp
Listen 443

-sharp-sharp
-sharp-sharp  SSL Global Context
-sharp-sharp
-sharp-sharp  All SSL configuration in this context applies both to
-sharp-sharp  the main server and all SSL-enabled virtual hosts.
-sharp-sharp

-sharp   SSL Cipher Suite:
-sharp   List the ciphers that the client is permitted to negotiate.
-sharp   See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

-sharp   Speed-optimized SSL Cipher configuration:
-sharp   If speed is your main concern (on busy HTTPS servers e.g.),
-sharp   you might want to force clients to specific, performance
-sharp   optimized ciphers. In this case, prepend those ciphers
-sharp   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
-sharp   Caveat: by giving precedence to RC4-SHA and AES128-SHA
-sharp   (as in the example below), most connections will no longer
-sharp   have perfect forward secrecy - if the server"s key is
-sharp   compromised, captures of past or future traffic must be
-sharp   considered compromised, too.
-sharpSSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
-sharpSSLHonorCipherOrder on 

SSLProtocol TLS1.1 TLS1.2

-sharp   Pass Phrase Dialog:
-sharp   Configure the pass phrase gathering process.
-sharp   The filtering dialog program (`builtin" is an internal
-sharp   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

-sharp   Inter-Process Session Cache:
-sharp   Configure the SSL Session Cache: First the mechanism 
-sharp   to use and second the expiring timeout (in seconds).
-sharpSSLSessionCache         "dbm:/opt/lampp/logs/ssl_scache"
SSLSessionCache        "shmcb:/opt/lampp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

-sharp-sharp
-sharp-sharp SSL Virtual Host Context
-sharp-sharp

<VirtualHost _default_:443>

-sharp   General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs/wordp"
ServerName www.architect.wang:443
ServerAlias architect.wang:443
-sharp ServerAlias www.architect.wang:443
-sharp ServerAdmin you@example.com
ErrorLog "/opt/lampp/logs/error_log"
TransferLog "/opt/lampp/logs/access_log"

-sharp   SSL Engine Switch:
-sharp   Enable/Disable SSL for this virtual host.
SSLEngine on

-sharp   Server Certificate:
-sharp   Point SSLCertificateFile at a PEM encoded certificate.  If
-sharp   the certificate is encrypted, then you will be prompted for a
-sharp   pass phrase.  Note that a kill -HUP will prompt again.  Keep
-sharp   in mind that if you have both an RSA and a DSA certificate you
-sharp   can configure both in parallel (to also allow the use of DSA
-sharp   ciphers, etc.)
-sharp   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
-sharp   require an ECC certificate which can also be configured in
-sharp   parallel.
SSLCertificateFile "/etc/letsencrypt/live/wang2/www.architect.wang.crt"
-sharpSSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
-sharpSSLCertificateFile "/opt/lampp/etc/server-dsa.crt"
-sharpSSLCertificateFile "/opt/lampp/etc/server-ecc.crt"

-sharp   Server Private Key:
-sharp   If the key is not combined with the certificate, use this
-sharp   directive to point at the key file.  Keep in mind that if
-sharp   you"ve both a RSA and a DSA private key you can configure
-sharp   both in parallel (to also allow the use of DSA ciphers, etc.)
-sharp   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "/etc/letsencrypt/live//wang2/www.architect.wang.key"
-sharpSSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"
-sharpSSLCertificateKeyFile "/opt/lampp/etc/server-dsa.key"
-sharpSSLCertificateKeyFile "/opt/lampp/etc/server-ecc.key"

-sharp   Server Certificate Chain:
-sharp   Point SSLCertificateChainFile at a file containing the
-sharp   concatenation of PEM encoded CA certificates which form the
-sharp   certificate chain for the server certificate. Alternatively
-sharp   the referenced file can be the same as SSLCertificateFile
-sharp   when the CA certificates are directly appended to the server
-sharp   certificate for convenience.
-sharpSSLCertificateChainFile "chain.pem"
-sharpSSLCertificateChainFile "/opt/lampp/etc/server-ca.crt"

-sharp   Certificate Authority (CA):
-sharp   Set the CA certificate verification path where to find CA
-sharp   certificates for client authentication or alternatively one
-sharp   huge file containing all of them (file must be PEM encoded)
-sharp   Note: Inside SSLCACertificatePath you need hash symlinks
-sharp         to point to the certificate files. Use the provided
-sharp         Makefile to update the hash symlinks after changes.
-sharpSSLCACertificatePath "/opt/lampp/etc/ssl.crt"
SSLCACertificateFile "/etc/letsencrypt/live//wang2/www.architect.wang.key"
-sharpSSLCACertificateFile "/opt/lampp/etc/ssl.crt/ca-bundle.crt"

-sharp   Certificate Revocation Lists (CRL):
-sharp   Set the CA revocation path where to find CA CRLs for client
-sharp   authentication or alternatively one huge file containing all
-sharp   of them (file must be PEM encoded).
-sharp   The CRL checking mode needs to be configured explicitly
-sharp   through SSLCARevocationCheck (defaults to "none" otherwise).
-sharp   Note: Inside SSLCARevocationPath you need hash symlinks
-sharp         to point to the certificate files. Use the provided
-sharp         Makefile to update the hash symlinks after changes.
-sharpSSLCARevocationPath "/opt/lampp/etc/ssl.crl"
-sharpSSLCARevocationFile "/opt/lampp/etc/ssl.crl/ca-bundle.crl"
-sharpSSLCARevocationCheck chain

-sharp   Client Authentication (Type):
-sharp   Client certificate verification type and depth.  Types are
-sharp   none, optional, require and optional_no_ca.  Depth is a
-sharp   number which specifies how deeply to verify the certificate
-sharp   issuer chain before deciding the certificate is not valid.
-sharpSSLVerifyClient require
-sharpSSLVerifyDepth  10

-sharp   Access Control:
-sharp   With SSLRequire you can do per-directory access control based
-sharp   on arbitrary complex boolean expressions containing server
-sharp   variable checks and other lookup directives.  The syntax is a
-sharp   mixture between C and Perl.  See the mod_ssl documentation
-sharp   for more details.
-sharp<Location />
-sharpSSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-sharp            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-sharp            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-sharp            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-sharp            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
-sharp           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-sharp</Location>

-sharp   SSL Engine Options:
-sharp   Set various options for the SSL engine.
-sharp   o FakeBasicAuth:
-sharp     Translate the client X.509 into a Basic Authorisation.  This means that
-sharp     the standard Auth/DBMAuth methods can be used for access control.  The
-sharp     user name is the `one line" version of the client"s X.509 certificate.
-sharp     Note that no password is obtained from the user. Every entry in the user
-sharp     file needs this password: `xxj31ZMTZzkVA".
-sharp   o ExportCertData:
-sharp     This exports two additional environment variables: SSL_CLIENT_CERT and
-sharp     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-sharp     server (always existing) and the client (only existing when client
-sharp     authentication is used). This can be used to import the certificates
-sharp     into CGI scripts.
-sharp   o StdEnvVars:
-sharp     This exports the standard SSL/TLS related `SSL_*" environment variables.
-sharp     Per default this exportation is switched off for performance reasons,
-sharp     because the extraction step is an expensive operation and is usually
-sharp     useless for serving static content. So one usually enables the
-sharp     exportation for CGI and SSI requests only.
-sharp   o StrictRequire:
-sharp     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-sharp     under a "Satisfy any" situation, i.e. when it applies access is denied
-sharp     and no other module can change it.
-sharp   o OptRenegotiate:
-sharp     This enables optimized SSL connection renegotiation handling when SSL
-sharp     directives are used in per-directory context. 
-sharpSSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

-sharp   SSL Protocol Adjustments:
-sharp   The safe and default but still SSL/TLS standard compliant shutdown
-sharp   approach is that mod_ssl sends the close notify alert but doesn"t wait for
-sharp   the close notify alert from client. When you need a different shutdown
-sharp   approach you can use one of the following variables:
-sharp   o ssl-unclean-shutdown:
-sharp     This forces an unclean shutdown when the connection is closed, i.e. no
-sharp     SSL close notify alert is sent or allowed to be received.  This violates
-sharp     the SSL/TLS standard but is needed for some brain-dead browsers. Use
-sharp     this when you receive I/O errors because of the standard approach where
-sharp     mod_ssl sends the close notify alert.
-sharp   o ssl-accurate-shutdown:
-sharp     This forces an accurate shutdown when the connection is closed, i.e. a
-sharp     SSL close notify alert is send and mod_ssl waits for the close notify
-sharp     alert of the client. This is 100% SSL/TLS standard compliant, but in
-sharp     practice often causes hanging connections with brain-dead browsers. Use
-sharp     this only for browsers where you know that their SSL implementation
-sharp     works correctly. 
-sharp   Notice: Most problems of broken clients are also related to the HTTP
-sharp   keep-alive facility, so you usually additionally want to disable
-sharp   keep-alive for those clients, too. Use variable "nokeepalive" for this.
-sharp   Similarly, one has to force some clients to use HTTP/1.0 to workaround
-sharp   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-sharp   "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

-sharp   Per-Server Logging:
-sharp   The home of a custom SSL log file. Use this when you want a
-sharp   compact non-error SSL logfile on a virtual host basis.
CustomLog "/opt/lampp/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>                                  
Mar.05,2021

< H1 > https fragment < / H1 >

server

{
    listen 443 ssl http2;
    server_name xxxx.com
    root  /www/wwww;

    index index.html index.htm index.php default.html default.htm default.php;
-sharproot  /home/wwwroot/xxxx.com;
    -sharpssl on;
    ssl_certificate /usr/local/nginx/conf/ssl/xxxx.com/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/xxxx.com/xxxx.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    -sharp openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

    include rewrite/other.conf;
    -sharperror_page   404   /404.html;
   include rewrite/other.conf;
    -sharperror_page   404   /404.html;

    -sharp Deny access to PHP files in specific directory
    -sharplocation ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

    include enable-php-pathinfo.conf;

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
       }

    location ~ .*\.(js|css)?$
    {
    expires      12h;
    }

    location ~ /.well-known {
        allow all;
    }

    location ~ /\.
    {
        deny all;
    }
add_header  Strict-Transport-Security "max-age=15552000;includeSubdomains;preload";
    access_log  /home/wwwlogs/$subdomain.xxxx.com.log;
    access_log  /home/wwwlogs/$subdomain.xxxx.com.log;

    -sharpcookie,
    add_header Set-Cookie "HttpOnly";
    add_header Set-Cookie "Secure";
    add_header X-Frame-Options "DENY";

}

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1bea492-319d2.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1bea492-319d2.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?