WSS with SSL certificate not working

My domain is :

I have installed my system on Ubuntu 18.04 LTS, and Plesk (Version Plesk Obsidian v18.0.27_build1800200522.12) is installed.
The hosting provider is SoYouStart and the domain was bought from Namecheap.

From the Plesk panel I have bound the Let’s Encrypt certificate (with wildcard), which I have used for the main website, the API service and the internal MQTT service.
For the main website and API service (subdomain, SSL is working properly.
But when I bind the certificate in the MQTT broker (aedes MQTT broker), it shows an issue. From the website (, when trying to connect on wss (wss:// it shows the error below:
WebSocket connection to ‘wss://’ failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID

We have also tried the command below, and it shows the desired output:

echo | openssl s_client -connect -servername 2>/dev/null | awk '/Certificate chain/,/---/'
Certificate chain
0 s:CN =
i:C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
1 s:C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3

We have tried to solve it but we did not find a solution.

1 Like


This doesn’t work because the issue is on WebSocket, which as per your output is on port 3001.
The correct command is:
openssl s_client -connect -servername
I believe your WebSocket application doesn’t read Plesk’s certificate database (as it might not even pass through Plesk Nginx/Apache), so you’ll need to do some custom work to change the WebSocket address (to go through Plesk/https) and make sure Plesk proxies those requests (via Nginx).
You can try this: (Disclaimer: I found this online so be cautious when you apply any solutions.)


Hi @pkachhia

Your command checks the non-www version.

But your www version has a self-signed certificate -, CN=local.mqtt, OU=TEMPie, O=SLS, L=Anand, S=Gujarat, C=IN
expires in 2040 days

So there is no Let’s Encrypt certificate.

Same with OpenSSL.

openssl s_client -connect


Thanks @JuergenAuer,

We have updated the certificate and checked; the issue is resolved.

Now it is working properly.

Can you help me understand: if the certificate auto-updates after 3 months, will the name stored on the Linux server change?

1 Like

I don’t know.

A restart of that service may always be required to use the new certificate.


  • you can use symlinks (if that program understands symlinks) (or)
  • you can copy the certificate

If you have the certificate copied, you have to do that again.
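
As an added example (not part of the thread, and not code from aedes or Plesk): a symlinked certificate only takes effect once the process re-reads it, so this Node.js helper re-reads the file through the symlink and hands changed material to a callback such as `server.setSecureContext()`. The function names, the polling interval and the `CERT`/`KEY` paths are assumptions.

```javascript
const fs = require('fs');
const crypto = require('crypto');

// Read the PEM files through whatever symlinks point at them. The digest
// changes whenever the certificate is replaced; resolvedCert is the real file
// behind the symlink, useful for logging which certificate is in use.
function loadTlsMaterial(certPath, keyPath) {
  const cert = fs.readFileSync(certPath); // readFileSync follows symlinks
  const key = fs.readFileSync(keyPath);
  const digest = crypto.createHash('sha256').update(cert).digest('hex');
  return { cert, key, digest, resolvedCert: fs.realpathSync(certPath) };
}

// Returns check(). Each call re-reads the files and, if the certificate
// changed, passes the new material to apply() and returns true.
function makeCertReloader(certPath, keyPath, apply) {
  let current = loadTlsMaterial(certPath, keyPath).digest;
  return function check() {
    try {
      const next = loadTlsMaterial(certPath, keyPath);
      if (next.digest === current) return false;
      // apply() may throw, e.g. when the key has not been replaced yet and
      // no longer matches the certificate.
      apply({ cert: next.cert, key: next.key });
      current = next.digest;
      return true;
    } catch (err) {
      // File missing mid-renewal or a bad pair: keep serving the old
      // certificate and try again on the next check.
      return false;
    }
  };
}

// Wiring for a WSS listener (CERT and KEY are hypothetical paths; the broker
// is attached to this https server the same way it already is):
//   const https = require('https');
//   const { cert, key } = loadTlsMaterial(CERT, KEY);
//   const server = https.createServer({ cert, key });
//   const check = makeCertReloader(CERT, KEY, (m) => server.setSecureContext(m));
//   setInterval(check, 60 * 60 * 1000).unref(); // poll hourly
```

The same `check()` can also be called from a renewal hook instead of a timer; if the certificate is copied rather than symlinked, the copy still has to be refreshed before the check sees anything new.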


Thanks for the update @JuergenAuer,

I think for me the 1st option with symlinks is better; let’s try it at our end.

1 Like
