My domain is: gallery.vote
I ran this command: sudo certbot --preferred-chain "ISRG Root X1"
It produced this output: all good
My web server is (include version):
twistd (the Twisted daemon) 18.9.0
The operating system my web server runs on is (include version):
Linux 5.4.0-91-generic #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):
certbot 1.21.0
So here's the issue, the cert works on some browsers / machines and not others.
When I try to reach it with python thru the requests module.
SSLError: HTTPSConnectionPool(host='gallery.vote', port=443): Max retries exceeded with url: /haiku/0 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')))
When I try to connect with openssl
$ openssl s_client -connect gallery.vote:443
CONNECTED(00000003)
depth=0 CN = gallery.vote
verify error:num=20:unable to get local issuer certificate
I have had this issue for months, and we've updated the cert many times, using different claimed solutions online. Please advise.