Update by myself.
I SOLVED this problem.
My solution:
- Use https://whatsmychaincert.com/ to check the DERP with https://hostname:port, then it shows "hostname:port is misconfigured. This is the chain it should be using."
- Follow the link and download the hostname.chain.crt, rename it to hostname.crt
- Replace the old crt file with the file from step 2.
- Restart DERP, everything should work fine!
PS:
- My DERP is set behind a NAT, so I set port forwarding on my router.
- I only have a dynamic public IP address, so I use ddns.net to dynamically change the DNS.
- I can't sign an SSL for ddns.net, so I sign another domain, and use CNAME to point to the host.ddns.net
- Servers mentioned above are in China.
I don't know whether my misconfiguration caused the problem or the wired network setting, but it works now.
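Added example, not part of the original post: a Go sketch of why a certificate file without the full chain can fail for a client while the chain file works, assuming the problem was a missing intermediate certificate. The helper names (`issue`, `accepted`, `demo`), the in-memory CA hierarchy and the hostname are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for cn with parentKey (self-signed when parent is nil); no dns names means a CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey, dns ...string) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, e0 := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: dns, IsCA: len(dns) == 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = t, key
	}
	der, e1 := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, e2 := x509.ParseCertificate(der)
	if err := errors.Join(e0, e1, e2); err != nil {
		panic(err)
	}
	return cert, key
}

// accepted reports whether a client trusting only root accepts what the server sent (leaf first, then intermediates).
func accepted(root *x509.Certificate, host string, sent ...*x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range sent[1:] {
		inter.AddCert(c)
	}
	_, err := sent[0].Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inter})
	return err == nil
}

// demo builds a constructed root -> intermediate -> leaf hierarchy and returns the verdict for each file layout.
func demo(host string) (leafOnly, fullChain bool) {
	root, rootKey := issue("Constructed Root CA", 1, nil, nil)
	mid, midKey := issue("Constructed Intermediate CA", 2, root, rootKey)
	leaf, _ := issue(host, 3, mid, midKey, host)
	return accepted(root, host, leaf), accepted(root, host, leaf, mid)
}

func main() { fmt.Println(demo("derp.example.com")) } // constructed hostname
```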