Debian Testing: Curl: (60) SSL certificate problem: unable to get local issuer certificate


Curl and Lynx and bunch of other apps on my Debian Testing cant seem to be able to access sites and some other LE certificate sites. I tried disabling the DST certs


Then I did update-ca-certificates but that did not help. What else can I try?

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Does your trust store have ISRG Root X1 in it?

Are you able to use wget instead of curl, import the root certiticate, then run update-ca-certificates?


Are you able to use Firefox to access If so you could try the "Convert from your local Firefox installation" method here: curl - Extract CA Certs from Mozilla


This is a server, it does not have desktop running.

--2021-10-02 00:10:13--
Resolving (,, 2604:a880:400:d0::1b6b:7001, ...
Connecting to (||:443... connected.
ERROR: The certificate of ‘’ is not trusted.
ERROR: The certificate of ‘’ doesn't have a known issuer.

Which version of OpenSSL is that server using?

uname -ra
Linux 5.9.0-5-amd64 #1 SMP Debian 5.9.15-1 (2020-12-17) x86_64 GNU/Linux
openssl version
OpenSSL 1.1.1l  24 Aug 2021

Well OpenSSL is new enough...
It must have something to do with ca-certificates
I'm not sure how things get Debianed, but if it apts...
sudo apt update
sudo apt-get update
[yeah both]
Then update your ca-certs.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.