Error: SSL certificate problem: unable to get local issuer certificate


#21

Did you restart your Apache?

If it doesn’t work, that vHost isn’t used.

Is the site enabled?

Or create wrong entries (other DocumentRoot) to check if that vHost is used.


#22

I have relapsed the service.

according to digicert support the problem is that of letsencryptX3 is a certificate that is missing from the site by port 8080


#23

As written: Your port 443 is correct, sends the intermediate certificate. Your port 8080 doesn’t send it.

But if both vHosts use the same server, you must have a local error.


#24

I understand, there will be no way that they could support me with some remote option and thus be able to verify the server


#25

Could you try to check whether there is anywhere else in your configuration that a virtual host is defined for port 8080? Maybe grep -r 8080 on your Apache configuration directory?


#26

similarly search and I do not have another Vh with port 8080, which another theory could be to generate the LetsecryptX3 certificate


#27

There are different applications running.

Checked with a not existing file:

https://speedtest.redeshibridas.com.gt/not-existing-file.html

Not Found

The requested URL /not-existing-file.html was not found on this server.

Apache/2.4.18 (Ubuntu) Server at speedtest.redeshibridas.com.gt Port 443

But checking

https://speedtest.redeshibridas.com.gt:8080/not-existing-file.html

there is an empty page.

There is no header visible.

Looks like there is an application with a special setting.


#28

I do not understand, followed the instructions of the following link

Follow the steps correctly and install the certificate in the following domain

speedtest.redeshibridas.com.gt

it worked for me, now my question is because I do not install this certificate in port 8080 or what I have to do later so that it works for me in that port


#29

What’s running on port 8080?

This isn’t a standard Apache.


#30

it is running at port 8080 the speedtest

that is why I do not understand, if in no instruction does it indicate that a certificate is installed in port 8080


#31

Calling the site direct:

https://speedtest.redeshibridas.com.gt:8080/

There is an

OoklaServer

And there

is a new text how to configure that.

  1. Edit your OoklaServer.properties file to include the following uncommented lines:

openSSL.server.certificateFile = /home/ookla/cert.pem
openSSL.server.privateKeyFile = /home/ookla/key.pem

  1. Ensure the path for your certificate and key file are correct. This should be a PEM certificate file. Make sure your certificate file includes the full trust chain back to the issuing Certificate Authority.

  2. Restart OoklaServer. You should see “SSL Context Initialized” shortly after launch if your setup worked.

Change these two files, restart your Ookla, then recheck your domain.


#32

is correct, so I have the configuration, and restart the service even with the 2 lines modified and likewise


#33

There you see your error.

You have the cert file included, not the fullchain.

So your Ookla sends only one certificate instead of two.

That file has the wrong content.

This should be a PEM certificate file. Make sure your certificate file includes the full trust chain back to the issuing Certificate Authority.


#34

in the first image that I sent, it indicates that the file CERT.PEM is going, which is the one I have added, then it would not be that if not the fullchain.pem?

Captura

I understood that


#35

or I have to add the following file pem

FULLCHAIN.PEM

Captura


#36

Yes, you need the full chain.

File names aren’t relevant, the content of cert.pem is wrong.


How to enable HTTPS/TLS certificate for Speedtest on Centos 7
#37

thank you very much for the support, it was already accepted in the test of the ookla and digicert page, thank you very much


#38

Yep, now there are two chain elements ( https://check-your-website.server-daten.de/?q=speedtest.redeshibridas.com.gt%3A8080 ):

Chain (complete) 0 s:CN=speedtest.redeshibridas.com.gt
1 s:CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US