Salesforce Apex rejects certificate: unable to find valid certification path to requested target

Hi there,
We use a Let’s Encrypt certificate for our HTTPS API server. It works fine when called from several different systems, but we now got stuck trying to make API calls from a Salesforce app we are developing.

I know Salesforce accepts Let’s Encrypt certificates:
SSL labs test report good results.
Details below.

My domain is:

I ran this command:
HttpRequest req = new HttpRequest();
req.setEndpoint(’’);
req.setMethod(‘GET’);
req.setTimeout(60000);
Http http = new Http();
HttpResponse res = http.send(req);

It produced this output:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

My web server is (include version):
Custom API server based on Java’s NanoHTTPD

The operating system my web server runs on is (include version): Ubuntu 14.04.6

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Any idea on what may be going on here?
Thanks in advance!

Daniele

While your port 443 webserver is configured correctly, your port 8000 webserver is not sending the Let’s Encrypt intermediate certificate.

This would cause the “certification path” error that you experience.

Making your port 8000 configuration the same as your port 443 one, would solve your problem.

3 Likes

@_az Thank you, that solved my issue!

For other readers that may be interested, when generating a JKS for my HTTPS Java server, I had to use fullchain.pem rather than cert.pem (both provided by Let’s Encrypt/Certbot).

@_az Now that the issue has been solved, can I request to remove our domain name from the original post? (I don’t have privileges to edit my own post).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.