Hi,
TLS certificate verification: depth: 0, err: 20, subject: /CN=d.domain.d.d, issuer: /DC=d/DC=d/DC=domain/CN=Account //redacted
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
the TLS implementation on your DokuWiki server does not trust the authority that signed the LDAP/AD certificate.
The solution is to add the root CA of the AD cert (or at least its issuer cert) to the list of trusted CA on the DouWiki server. I don't know how you do that.
Please note that certificates were also invented so that clients are sure they connect to the right server. The name embedded in the certificate CN and SAN fields must match the name of the server. This means :
the ad server must use a correct cert, otherwise DW won't be able to connect to it.
the dw HTTPS server must use a correct cert, otherwise browsers won't be able to connect, or will at least show a warning "This site is probably dangerous"