Error: SSL certificate problem: unable to get local issuer certificate


Did you restart your Apache?

If it doesn’t work, that vHost isn’t used.

Is the site enabled?

Or create wrong entries (other DocumentRoot) to check if that vHost is used.


I have relapsed the service.

according to digicert support the problem is that of letsencryptX3 is a certificate that is missing from the site by port 8080


As written: Your port 443 is correct, sends the intermediate certificate. Your port 8080 doesn’t send it.

But if both vHosts use the same server, you must have a local error.


I understand, there will be no way that they could support me with some remote option and thus be able to verify the server


Could you try to check whether there is anywhere else in your configuration that a virtual host is defined for port 8080? Maybe grep -r 8080 on your Apache configuration directory?


similarly search and I do not have another Vh with port 8080, which another theory could be to generate the LetsecryptX3 certificate


There are different applications running.

Checked with a not existing file:

Not Found

The requested URL /not-existing-file.html was not found on this server.

Apache/2.4.18 (Ubuntu) Server at Port 443

But checking

there is an empty page.

There is no header visible.

Looks like there is an application with a special setting.


I do not understand, followed the instructions of the following link

Follow the steps correctly and install the certificate in the following domain

it worked for me, now my question is because I do not install this certificate in port 8080 or what I have to do later so that it works for me in that port


What’s running on port 8080?

This isn’t a standard Apache.


it is running at port 8080 the speedtest

that is why I do not understand, if in no instruction does it indicate that a certificate is installed in port 8080


Calling the site direct:

There is an


And there

is a new text how to configure that.

  1. Edit your file to include the following uncommented lines:

openSSL.server.certificateFile = /home/ookla/cert.pem
openSSL.server.privateKeyFile = /home/ookla/key.pem

  1. Ensure the path for your certificate and key file are correct. This should be a PEM certificate file. Make sure your certificate file includes the full trust chain back to the issuing Certificate Authority.

  2. Restart OoklaServer. You should see “SSL Context Initialized” shortly after launch if your setup worked.

Change these two files, restart your Ookla, then recheck your domain.


is correct, so I have the configuration, and restart the service even with the 2 lines modified and likewise


There you see your error.

You have the cert file included, not the fullchain.

So your Ookla sends only one certificate instead of two.

That file has the wrong content.

This should be a PEM certificate file. Make sure your certificate file includes the full trust chain back to the issuing Certificate Authority.


in the first image that I sent, it indicates that the file CERT.PEM is going, which is the one I have added, then it would not be that if not the fullchain.pem?


I understood that


or I have to add the following file pem




Yes, you need the full chain.

File names aren’t relevant, the content of cert.pem is wrong.

How to enable HTTPS/TLS certificate for Speedtest on Centos 7

thank you very much for the support, it was already accepted in the test of the ookla and digicert page, thank you very much


Yep, now there are two chain elements ( ):

Chain (complete) 0
1 s:CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US
1 Like
closed #39

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.