When I go to a particular website in any browser on any computer I try, the certificate shows as valid. When I access the same site on Unraid (v6.6.6, via wget, etc) I have to force it to ignore certificate errors. I ran this command to check the certs and get the following results (redacted):
# openssl s_client -showcerts -connect website:443
CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2476 bytes and written 454 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: B699B03B3CC9FB649AF35520ACAF4A5746BF1684B0677CB81A4AB3229384B9E0
Session-ID-ctx:
Master-Key: D48D30ED8D6CB54D8738E1E5008123F0F9B029D35D6C1D850EFF1D093B93DE00D7DAF154C1CB2F8FA1D00BE3FC8290AF
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1547645618
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
---
read:errno=0
Am I missing a root CA, or something else?