Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

unable to get local issuer certificate

Featured Replies

When I go to a particular website in any browser on any computer I try, the certificate shows as valid. When I access the same site on Unraid (v6.6.6, via wget, etc) I have to force it to ignore certificate errors. I ran this command to check the certs and get the following results (redacted):

# openssl s_client -showcerts -connect website:443

CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
   i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website

issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2476 bytes and written 454 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: B699B03B3CC9FB649AF35520ACAF4A5746BF1684B0677CB81A4AB3229384B9E0
    Session-ID-ctx: 
    Master-Key: D48D30ED8D6CB54D8738E1E5008123F0F9B029D35D6C1D850EFF1D093B93DE00D7DAF154C1CB2F8FA1D00BE3FC8290AF
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:


    Start Time: 1547645618
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
read:errno=0

Am I missing a root CA, or something else?

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.