curl 和 python 访问 let's encrypt 申请的 SSL 证书的 https 服务, 出现证书验证失败的错误提示 unable to get local issuer certificate。但是在 chrome 浏览器上访问,证书是正常的。
curl https://chatty.xyz.com
出现这个错误:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
排查了好久,最后偶然发现另外的域名是可以正常访问的。 于是到服务器上检查了一下配置,发现原来是 nginx 里面的 ssl_certificate 配置错文件了, 应该用 fullchain.pem,写成了 cert.pem。配置的时候只测试了浏览器可以正常访问,浏览器上显示证书是绿色,没发现这个问题。
#ssl_certificate /etc/letsencrypt/live/chatty.xyz.com/cert.pem;
ssl_certificate /etc/letsencrypt/live/chatty.xyz.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chatty.xyz.com/privkey.pem;