The problem of certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):CentOS Linux release 7.9.2009

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Hello guys,
I successfully renew my certificates , but the certificates was checked with error by speedtest , Error: SSL certificate problem: self signed certificate.

I used check , the organizationname is Let's Encrypt ,but I used openssl connect my domain, the organization is OoklaServer , and there is a verify error:num=18:self signed certificate.

how to solve this problem?
Thanks in advance,

1 Like

Are you connecting to the same IP/system that the Internet does?
The Internet sees:


@msbaggio It is also possible that you're using an older version of openssl in which you need to explicitly specify -servername in order to send SNI. In newer versions, SNI is sent automatically based on the argument to -connect, but in older versions it has to be added with a -servername option, or else no SNI extension will be sent by the client.

Web browsers always send SNI, so the newer behavior (providing SNI) is more similar to the behavior that a user would encounter from a browser.


Yes, the certifacte of my domain is not self signed . but it was detected self signed certificate by Why is this so ?

I would not know.
I can't replicate your finding.


The detection of htttps by is also 'self signed certificate', and the previous detection were all normal, the https of my domain is work normal

I'm confused... :confused:
What does this name:

have to do with this site?:


What version of OpenSSL do you have?


You can detect by openssl . the previous certificate is normal,but the latest certificate applied for is abnormal

I disagree:

openssl s_client -connect -servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
Server did acknowledge servername extension.
Certificate chain
 0 s:/
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3


openssl version


my domain is
my openssl version is OpenSSL 1.1.1q 5 Jul 2022
I need to use the application of (or OoklaServer),so the will detect the https of my domain, it used port 8080
if you detect the port 8080, the certificate is OoklaServer , not Let's Encrypt

Port 443 has the right cert.
Port 8080 has a self-signed cert.

How do you change the cert being used by port 8080?
I don't know; Check the OoklaServer documentation.


there is a mistake with OoklaServer‘s config, it is work normal now, Thank you for your help


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.