Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: tmp.heconomics.org
I ran this command: openssl verify -CAfile /etc/ssl/certs/ca-bundle.crt /etc/letsencrypt/live/tmp.heconomics.org/chain.pem
It produced this output:
CONNECTED(00000004)
depth=1 C = US, O = Let's Encrypt, CN = R3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = tmp.heconomics.org
verify return:1
Certificate chain
0 s:CN = tmp.heconomics.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Server certificate
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISA37pqweAcZnUxldB5tOBqUXCMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMjMyMTQ1MTNaFw0yMjAzMjMyMTQ1MTJaMB0xGzAZBgNVBAMT
EnRtcC5oZWNvbm9taWNzLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKWWhuDxvNW07g4fpDR7xZLKdjuh+MV82YX4aGXaQ3wR7k8EIlEMoBJXvUh1
WLMviqZD47tRCKgk8ek6tITelniL0gBVK/uxxPk4g4JqIQ8f5hg6dqWFxKJ0ii0w
SWDFcIVu5Nk2Qj5MQKAOnwZi2/GyePBUFHYBNkEqOYu2smZBq6Zvsxr7/chuBBTj
0xA2VAKm/4DNnFiKCRuwSAklkOfN2mmvioNb/7ljvTCzwTgYy+Wrp3wNNHc4u5D7
7ICOjpD1h0y8BR2Jdl20fuGE6jtY0xjEwGfIZuF7L4hTjKKMuiKM1EZwC1rQaGoK
StGe/geiMsJgx4QLlhMIT9hnowUCAwEAAaOCAkwwggJIMA4GA1UdDwEB/wQEAwIF
oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQUWREKc/9phYBRX7a+ym42rCW1ngswHwYDVR0jBBgwFoAUFC6zF7dY
VsuuUAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRw
Oi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNy
Lm9yZy8wHQYDVR0RBBYwFIISdG1wLmhlY29ub21pY3Mub3JnMEwGA1UdIARFMEMw
CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUARqVV
63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF96XhGjQAABAMARjBEAiBE
o8FuoTq4Teyhz6zfcoHf73wuj00AoHOv3M94sJtnBgIgKLAu0/N5GiXnUXNf3GH0
lRKEqHTS2rnp+uKcmAVxHlQAdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbII
mjfZEwAAAX3peEfmAAAEAwBHMEUCIQCE43ansUL5/mH1i4joINHpGb1ZP2UMcpAf
8K0fy0TUWAIgCZUKWqiX9FuCFPfjMpkOASweiEJPiyMuKigeXZYNwYowDQYJKoZI
hvcNAQELBQADggEBAFIzGmCMWef58Jo/kYXKIf9oLckFxGnm7n9gitRG1yMMzBch
hOXHtoy/Nd79ao8BSDveD1NUEDXgEkv/RcB8LhKD0/Dk7tqT7wyYtdc+OXAOLP5r
6htM9BRKUJaLQcjrzPoUzvCzenugAp71F2XNCJBsLZ13orSgcLePUz8A6lV44OpC
CA+5/DP3FQe78IWxAJRxChs58cDWPJrg3IjWMd2JHKtM0/zhuVibR7u5/iLPD8JG
IYZkwDSxGd1TB9h1foc9m2Vg/ghSKSGYbDa+wwDELU9ApTkBc8qSbRM/21kM+v9r
7qrgXivrJ0dwmIcUJNM1mG+mhtkdVE+usYbEqN8=
-----END CERTIFICATE-----
subject=CN = tmp.heconomics.org
issuer=C = US, O = Let's Encrypt, CN = R3
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 3340 bytes and written 446 bytes
Verification error: unable to get local issuer certificate
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: B9876524022F49A174751F5A83200C324311B7E92A755530B63BB4DD95E540FD
Session-ID-ctx:
Master-Key: 2B925A2DA40C9C3B24A8F24ED52656AC1ED3E606EC3AC53A8AB1F606B1FA99EF40C6784905216B212E22A9323E0D0474
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 25 79 88 1b 8f a6 4e b0-64 d7 63 a0 d6 b5 6c 79 %y....N.d.c...ly
0010 - e9 dc 59 89 50 81 41 8f-83 e5 23 30 98 10 60 0e ..Y.P.A...#0... 0020 - d6 42 e6 ab 3f 78 79 db-e0 83 06 96 43 ff f7 73 .B..?xy.....C..s 0030 - 2d 38 3c fb 21 23 50 68-d3 42 a4 13 20 07 a3 9d -8<.!#Ph.B.. ... 0040 - d3 85 96 21 5f 70 e5 61-9c e4 2e 34 34 c6 1b 6c ...!_p.a...44..l 0050 - 07 2d 8f e4 be ca 12 7d-03 da e8 7d fa 61 38 3c .-.....}...}.a8< 0060 - 33 32 81 90 ef 98 c5 a7-26 9c 39 30 6d 8f fc fd 32......&.90m... 0070 - df 06 41 0d 1d 63 e5 2b-69 c2 0a 7e cb 9d 71 26 ..A..c.+i..~..q& 0080 - 2d 3a 04 1a e8 b7 df 6e-78 14 ae ef fe a9 cb b4 -:.....nx....... 0090 - d0 55 64 2e a9 9f 47 de-3b d1 e2 20 d9 f1 9b 69 .Ud...G.;.. ...i 00a0 - 00 6d b9 e4 ca 94 57 cb-01 ae d3 d0 f8 e1 bb a5 .m....W......... 00b0 - 02 e4 aa aa 47 fa 9d 42-b9 fa 96 bd 07 b1 14 ff ....G..B........ 00c0 - 5a 0e 76 da d0 88 7e 4e-b5 bf 32 c7 60 16 a9 3b Z.v...~N..2.
..;
Start Time: 1640304973
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
My web server is (include version):
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 10 2021 14:26:31
The operating system my web server runs on is (include version): CentOS Linux release 7.9.2009 (Core)
My hosting provider, if applicable, is: Brownrice
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.22.0