ssl.SSLError: [SSL] PEM lib (_ssl.c:3503) Django run websoket

Hello guys, I’m trying to start to chat ( in Django, if I run without a certificate python run_chat_server, then everything works on the local server, but if I run with a certificate python run_chat_server "path/to/cert.pem" , I get an error:

Traceback (most recent call last):
File "", line 10, in <module>
File "/home/devkd/Документы/GitHub/new_live/venv/lib/python3.6/site-packages/django/core/management/", line 381, in execute_from_command_line utility.execute()
File “/home/devkd/Документы/GitHub/new_live/venv/lib/python3.6/site-packages/django/core/management/”, line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv) File "/home/devkd/Документы/GitHub/new_live/venv/lib/python3.6/site-packages/django/core/management/", line 323, in run_from_argv
self.execute(*args, **cmd_options)
File "/home/devkd/Документы/GitHub/new_live/venv/lib/python3.6/site-packages/django/core/management/", line 364, in execute output = self.handle(*args, **options)
File "/home/devkd/Документы/GitHub/new_live/venv/lib/python3.6/site-packages/django_private_chat/management/commands/", line 28, in handle print(ssl_context.load_cert_chain(options['ssl_cert']))
ssl.SSLError: [SSL] PEM lib (_ssl.c:3503) have
def handle(self, *args, **options):
if options[‘ssl_cert’] is not None:
if sys.version_info >= (3, 6):
protocol = ssl.PROTOCOL_TLS_SERVER
elif sys.version_info >= (3, 4):
protocol = ssl.PROTOCOL_TLSv1
v = str(sys.version_info.major) + ‘.’ + str(sys.version_info.minor)
version_s = ‘Version %s is not supported for wss!’ % v
raise Exception(version_s)
ssl_context = ssl.SSLContext(protocol)
ssl_context.load_cert_chain(options[‘ssl_cert’]) // error
ssl_context = None

My domain is:

I ran this command: python run_chat_server “path/to/cert.pem”

It produced this output: ssl_context.load_cert_chain(options[‘ssl_cert’])

My web server is (include version): I don’t know

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: Heroku

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0

Are you sure the cert.pem file was created properly?
[check dos2unix]
[ensure key file is first]
[maybe try including fullchain]

I checked the code, I am 90% sure that the problem is in the certificate, but this is the first time I encounter them. Therefore, it is difficult to draw up an action plan.
How to check through dos2unix? what should i see?
I am trying to check the file

openssl x509 -text -in cert.pem

but getting an error

unable to load certificate 139826877813184:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE .
Maybe I didn’t install something or set it incorrectly?


Hi @Legalas61

I have no idea how that may work.


the cert.pem contains only the cert, nothing else.

If you want to validate the cert, the intermediate certificate is required.

So that can’t work with the cert.pem, because there is only one certificate.

Use the fullchain.pem instead.