使用任意带了TLS的协议均无法正常连通，使用无需TLS证书均可正常使用。相关报错为“net/http:TLS handshake timeout”

[Hubupup]

如题，比如Vmess-WS-TLS，Trojan-H2-TLS等，均无法正常使用，V2Ray报错为:
net/http:TLS handshake timeout
使用非TLS类的协议，如VMess-TCP、Shadowsocks等，可正常使用。
已经查看过相关 issue，未找到解决方法。

尝试过但无效的操作：

1. 通过修改配置，将Caddy自动申请的证书替换为CloudFlare申请的证书
2. 卸载重装脚本

环境信息如下：

1. 系统 ubuntu 22
2. 软件版本 V2Ray 5.28.0 / V2Ray script v4.23 / Caddy v2.9.1 / V2RayNG v1.9.38(Xray-core v25.3.3)
3. 服务端已开放22、443端口
4. 使用的域名为cloudns申请的二级域名，..cloudns.ch，域名已经在CloudFlare指向服务器IP（仅DNS，未开启代理）
5. 使用ITDOG进行DNS解析查询，均能查询到该域名对应到服务器IP;使用TCP.PING域名443端口，也能ping通。
   
   
6. 浏览器输入域名，报错信息为：“错误代码：PR_CONNECT_RESET_ERROR，由于不能验证所收到的数据是否可信，无法显示您想要查看的页面。“
7. V2Ray logerr 日志无报错，Caddy日志如下：
   Mar 11 21:20:30 racknerd-7092df2 systemd[1]: Starting Caddy... Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.HomeDir=/root Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.AppDataDir=/root/.local/share/caddy Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.AppConfigDir=/root/.config/caddy Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.ConfigAutosavePath=/root/.config/caddy/autosave.json Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: caddy.Version=v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY= Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.GOOS=linux Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.GOARCH=amd64 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.Compiler=gc Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.NumCPU=1 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.GOMAXPROCS=1 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: runtime.Version=go1.23.6 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: os.Getwd=/ Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: LANG=en_US.UTF-8 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: NOTIFY_SOCKET=/run/systemd/notify Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: HOME=/root Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: LOGNAME=root Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: USER=root Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: SHELL=/bin/sh Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: INVOCATION_ID=74b672f7f7c0447cbe3d4599900e7b57 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: JOURNAL_STREAM=8:1583302 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: SYSTEMD_EXEC_PID=577443 Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0060751,"msg":"using config from file","file":"/etc/caddy/Caddyfile"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0084631,"msg":"No files matching import glob pattern","pattern":"/etc/caddy/sites/*.conf"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0113716,"msg":"adapted config to JSON","adapter":"caddyfile"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0131438,"logger":"admin","msg":"admin endpoint disabled"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0135727,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enab> Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0138032,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0151668,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.016096,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0163524,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"warn","ts":1741728031.0165482,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.016803,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0169969,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["***.***.cloudns.ch（手动隐去域名前缀）"]} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0200534,"msg":"autosaved config (load with --resume flag)","file":"/root/.config/caddy/autosave.json"} Mar 11 21:20:31 racknerd-7092df2 systemd[1]: Started Caddy. Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.028712,"msg":"serving initial configuration"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.021317,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000343380"} Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0307953,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/root/.local/share/caddy","i> Mar 11 21:20:31 racknerd-7092df2 caddy[577443]: {"level":"info","ts":1741728031.0312512,"logger":"tls","msg":"finished cleaning storage units"}
8. curl 和 openssl 均显示证书正确，域名匹配 (subjectAltName 正确)，且证书链完整（由 Let's Encrypt 签发，根证书 ISRG Root X1 受信任）。
9. CloudFlare网络设置中：WebSockets和gRPC已开启，最低 TLS 版本已设置为1.0