My domain is: api.luxaround.de
My web server is (include version): Apache 2.4.29
The operating system my web server runs on is (include version): Ubuntu 18.04
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.20.0
Additional info: openssl 1.1.1 (11 sep 2018)
Now the problem: since the expiration of the DST Root CA X3, I updated the certificates of my server, and ssl checks with openssl show me, that it has been done correctly (with the help of the community 
).
But now, one of the applications running on this server fails to call the server itself, the logfile only says [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852).
I have to admit: The application running on it is not made or maintained by me, it just happened, that I have to fix it without knowing anything about it or having contact to the original devs...
I think that there is somethin wrong with the certificate chain. The currently used chain can be seen here: https://decoder.link/sslchecker/api.luxaround.de/443
I don't know, which chains I can try because I can't find the names of them.
So the question(s):
- How are the names of other applicable certchains?
- I tried to install isrg-root-x2.pem and lets-encrypt-r3.pem, but the system didn't install any of them. When I checked all installed root-CAs, those two were not listed.
Do you have any Idea, what I can check to get this solved?