My Ookla server is litening on ports 8080 and 5060 via https successfully, but i get a cert error on port 443. the Ookla server tester says it fails to get local certificate issuer. I have tried reinstalling the cert with certbot delete and certbot --apache to no avail. I thnk my key is messed up for some reasone. Is there a way to have Let’s Encrypt totally erase my key and everything on their end and start over? My server died and I had to rebuild, so I think it’s missing a link somewhere because the chain was broken with the server rebuild.
There's no reason that having Let's Encrypt delete or invalidate this certificate would be of any benefit to you. The problem you're having isn't with the certificate itself, but only with your server configuration. Deleting or revoking a certificate on the CA site isn't necessary or useful for issuing subsequent certificates, since you're allowed to have multiple valid certificates covering the same domain names at the same time.
If that were so, you wouldn't be able to use the certificate on any port!
What you're seeing here is that the server on port 443 is not using your Let's Encrypt certificate at all, but rather a different test certificate. All that should be necessary is to change your web server configuration so that it also uses the Let's Encrypt certificate for the port 443 HTTPS service, just as it does on the other ports.
You could try something like sudo apachectl -t -D DUMP_VHOSTS to see where each certificate in your Apache configuration is being referenced within your Apache configuration.
I was able to find a spot in my config that was using another default cert. now I can go to http(s)://speedtest.waveruralconnect.com:8080/5060 successfully. However, I am still getting a fail via https with the Ookla server tester.
The situation on your site has changed—now port 443 works properly with regard to the certificate but simply doesn’t show the site content. (If you tested it in your browser before, you might need to quit and restart your browser in order to accurately see the current server behavior.)
Oh yes, I forgot to add that info. I made a “blank” index.html page so that it didn’t show the default Apache homepage. I can change it to something simple so people will know that the site is working.
So if I’m understsnding correctly, I need to reference fullchain.pem where I am referencing cert.pem? I will make that change, restart web services and test again today.
That worked like a champ! I had a few minutes Bierce leaving for work to make the change in ooklaserver.properties file and restarted the ooklaserver daemon. I am now passing the ookla tester in all categories. Thanks again!
