Update by myself.
I SOLVED this problem.
My solution:
- Use
https://whatsmychaincert.com/to check the DERP withhttps://hostname:port, then it showshostname:port is misconfigured. This is the chain it should be using. - Follow the link and download the hostname.chain.crt, rename it to hostname.crt
- Replacing the old crt file with the file in step 2.
- Restart DERP, everything should be work fine!
PS:
- My DERP is set behind a NAT, so I set port forwarding on my router.
- I only have dynamic public IP address, so I use
ddns.netto dynamic change the dns. - I can’t sign a SSL for
ddns.net, so I sign another domain, and use CNAME to point to thehost.ddns.net - Servers mentioned above is in China.
I don’t know whether my misconfiguration caused the problem or the wired network setting, but it works new