Certificate error on Let's Encrypt SSL using curl/wget


#1

I tried to run some commands after updating my domain to HTTPS using the new ansible letsencrypt task. It through an untrusted certificate error so I tried pulling up the domain with wget.

This was the response

wget thanhlycuongphat.com

ERROR: cannot verify thanhlycuongphat.com certificate, issued by ‘/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3’:
Unable to locally verify the issuer’s authority.
To connect to www.thanhlycuongphat.com insecurely, use `–no-check-certificate’.


#2

You’re not sending the intermediate, you’re sending your certificate twice and then the intermediate.

Remove the first or second certificate in your chain.


#3

While you’re correct the chain isn’t fully correct, I don’t think that’s the actual problem. My wget doesn’t report any error.

@Johnstone could you try using wget with the --ca-directory option pointed to the directory where your systems stores its root certificates?