Unable to get https ssl certificate on 8080 and 5060 port for ookla speedtest server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: speedtests.samsam123.tk

I ran this command: https://speedtests.samsam123.tk:8080

It produced this output: Certificate invalid (shown localhost and produced by Ookla)

My web server is (include version): apache2 v2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.0

Hi. I am unable to get my 8080 port and 5060 port to be HTTPS SSL certificate secured. I tried many commands, including changing the listening port, but it still won’t work. I’m new to all these things.

This is the normal SSL secured valid certificate website : https://speedtests.samsam123.tk

When I change to port 8080, which is https://speedtests.samsam123.tk:8080/, it shows an invalid certificate; the certificate changes to localhost issued by Ookla, and I get an error like NET::ERR_CERT_AUTHORITY_INVALID on Microsoft Edge.

I want to figure it out and fix it, or else I won’t be able to submit this server to Speedtest.

Any solution?

Thank you.

To get a certificate you must authenticate locally via HTTP(80), or HTTPS-ALPN(443), or remotely via DNS through your zone.

If you can accept HTTP, you can use that port to authenticate and get a new cert.
Once you have the cert (by any of those three ways), you can easily use it on any service and port within that same system.

4 Likes

I’m sorry, I’m new to learning these.
Is there any detailed tutorial to get the authenticated certificate?
Thank you.

Hi @samsam

checking your domain with my browser there is already a certificate with samsam123.tk, www.samsam123.tk - two domain names.

Create a new certificate with your subdomain or a new certificate with three domain names - samsam123.tk, www.samsam123.tk and your speedtest subdomain.

Then use that certificate on your port 8080.

I’ve already created an SSL certificate for samsam123.tk, www.samsam123.tk and my speedtest subdomain, and it’s working on port 443.


And now I need a tutorial or any solution to use the certificate on port 8080, because I don’t know how to set it up as I’m new to these.
I would really appreciate anyone giving their opinion on this incident.

Thank you.

If you already have a good cert, and you already have it in use in port 443.
How do you not know how to do the same thing you did there to 8080 ?
[replacing 443 with 8080 - or even simpler just add another listener to the 443 config]

Did you just follow the instructions blindly?

4 Likes

Yeah. I kind of just followed the instructions blindly. Did you mean that adding a listener to the 443 config means adding port 8080 to /etc/apache2/ports.conf?

If it’s ports.conf, I already added port 8080 and port 5060 inside. Should I change other items?

Thank you

Yes. The config that serves the name "speedtests…" will need to listen and serve as well.

4 Likes

I changed it already but it is still showing the localhost SSL cert. Is there any detailed tutorial that can guide me to correct the config? I tried changing the config again today and it became worse. After I enabled the changed config, my apache2 wasn’t able to start again and it showed a problem with sites-available/speedtest.conf. So currently, I deleted the config and kept the default-000.conf. I have already put :8080 and listen 8080 inside 000-default.conf. But it still won’t work. Any solution?

Thank you

You’re asking about web server configuration.
This is a forum about LE certificates.
You have a valid certificate.
All you need to do is use it.

If you show the config, maybe we can help you fix it.
Please also show output of:
apachectl -S

4 Likes

Thanks. This is the output of apachectl -S

root@samcdn-12:~# apachectl -S
VirtualHost configuration:
*:5060                 samsam123.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:443                  samsam123.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:8080                 is a NameVirtualHost
         default server samsam123.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 8080 namevhost samsam123.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
                 alias www.samsam123.tk
         port 8080 namevhost samcdn-12.asia-southeast1-b.c.tidal-anvil-275409.internal (/etc/apache2/sites-enabled/000-default.conf:1)
         port 8080 namevhost samcdn-12.asia-southeast1-b.c.tidal-anvil-275409.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 8080 namevhost speedtests.samsam123.tk (/etc/apache2/sites-enabled/speedtests.samsam123.tk-le-ssl.conf:2)
                 alias speedtests.samsam123.tk
*:80                   is a NameVirtualHost
         default server samcdn-12.asia-southeast1-b.c.tidal-anvil-275409.internal (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost samcdn-12.asia-southeast1-b.c.tidal-anvil-275409.internal (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost speedtests.samsam123.tk (/etc/apache2/sites-enabled/speedtests.samsam123.tk.conf:1)
                 alias speedtest
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Thank you

OK, let’s verify.
Please show these files:
/etc/apache2/sites-enabled/speedtests.samsam123.tk.conf
/etc/apache2/sites-enabled/speedtests.samsam123.tk-le-ssl.conf

4 Likes

This is /etc/apache2/sites-enabled/speedtests.samsam123.tk.conf

And this is /etc/apache2/sites-enabled/speedtests.samsam123.tk-le-ssl.conf

Thank you

There is a duplicated name:

speedtests.samsam123.tk
alias speedtests.samsam123.tk

But I don’t see how that can make it use the wrong cert:

Remove the ServerAlias speedtests.samsam123.tk
and restart the server.
Also, show screenshot of:
top

4 Likes

I already removed ServerAlias speedtests.samsam123.tk

And also this is the screenshot of top

Thank you !

Restart Apache and let’s try again.

According to the config, /var/www/html/ is the root folder for that domain name.
Please place a test-text file in that folder.
something like:
echo "test" >> /var/www/html/test-file
And let’s see if it is accessible from the Internet.
https://speedtests.samsam123.tk:8080/test-file

OMG. I think we overlooked the LISTEN statement.
You may need to add one within the config:
listen 8080
and
SSLEngine On

Please also show these other 3 files that also use port 8080:

/etc/apache2/sites-enabled/000-default-le-ssl.conf
/etc/apache2/sites-enabled/000-default.conf
/etc/apache2/sites-enabled/default-ssl.conf
4 Likes

You have an Ookla port 8080. There isn't an Apache.

So your Apache config port 8080 isn't relevant.

Searching 5 seconds with Google lists the Ookla documentation on how to configure Ookla to use the certificate.
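
Added example, not part of the thread or any poster's code: the last reply's point is that the certificate seen on a port comes from whichever process holds the listening socket, not from Apache's vhost table. The sketch below cross-checks the `apachectl -S` lines posted above against `ss -ltnp` style output; the `ss` lines, PIDs and the process name `OoklaServer` are constructed assumptions for illustration.

```python
import re

# Excerpt of the `apachectl -S` output posted in the thread.
APACHECTL_S = """\
*:5060                 samsam123.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:443                  samsam123.tk (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:8080                 is a NameVirtualHost
         port 8080 namevhost speedtests.samsam123.tk (/etc/apache2/sites-enabled/speedtests.samsam123.tk-le-ssl.conf:2)
*:80                   is a NameVirtualHost
"""

# Constructed `ss -ltnp` lines (not from the thread); names and PIDs are assumptions.
SS_LTNP = """\
LISTEN 0 511  *:80    *:*  users:(("apache2",pid=901,fd=4))
LISTEN 0 511  *:443   *:*  users:(("apache2",pid=901,fd=6))
LISTEN 0 128  *:8080  *:*  users:(("OoklaServer",pid=777,fd=9))
LISTEN 0 128  *:5060  *:*  users:(("OoklaServer",pid=777,fd=10))
"""

def apache_vhost_ports(text):
    """Ports for which Apache has at least one VirtualHost configured."""
    return {int(p) for p in re.findall(r"^\*:(\d+)\s", text, re.M)}

def listeners(text):
    """Map port -> name of the process that holds the listening socket."""
    owners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])   # handles *:80, 0.0.0.0:80, [::]:80
        m = re.search(r'\(\("([^"]+)"', fields[5])
        owners[port] = m.group(1) if m else "unknown"
    return owners

def shadowed_vhosts(apache_text, ss_text, apache_names=("apache2", "httpd")):
    """Ports where Apache has vhosts configured but another process answers."""
    owners = listeners(ss_text)
    return {p: owners[p] for p in sorted(apache_vhost_ports(apache_text))
            if p in owners and owners[p] not in apache_names}

if __name__ == "__main__":
    for port, proc in shadowed_vhosts(APACHECTL_S, SS_LTNP).items():
        print(f"port {port}: served by {proc}; Apache SSL settings do not apply")
```

On a real host, feed the functions the live output of `apachectl -S` and `ss -ltnp` (run as root so process names are shown); any port reported must get its certificate through that other service's own configuration.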
