Set ServerTrace to true to get more debugging info.
How did you generate your certificate authority certficate (cacert.pem)? Your server certificate should be signed by the same certificate authority that created your certificate authority certificate. It is pretty straightforward to become your own certificate authority if necessary for testing.