cURL error 60 when trying to connect to self

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
curl -v

It produced this output:

If I run the curl command on the server where nginx that hosts is running I get this output

*   Trying
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

but when I try it from any other machine, everything is absolutely fine.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I use


Some other useful info

root@venus-de:~# ifconfig | grep inet
        inet  netmask  broadcast
        inet6 fe80::9400:ff:fe2b:eed6  prefixlen 64  scopeid 0x20<link>
        inet6 2a01:4f8:c2c:b72::1  prefixlen 64  scopeid 0x0<global>
        inet  netmask
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
root@venus-de:~# traceroute
traceroute to (, 64 hops max
  1  0.003ms  0.001ms  0.001ms 

Your server isn't sending the intermediate certificate.


Okay, I'll try using fullchain.cer!


Hi @gbougakov

there runs a check of your domain -

Openssl says: The intermediate certificate is missing.

PS: Yep, now the check is ready:

Chain - incomplete	


Thanks guys, you saved me so many hours of investigating! Really appreciate it, everything works now :heart:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.