I recently got a new wildcard certificate from Sectigo, but I'm facing some odd validation issues. While both browsers and SSLlabs don't report any problems, my CLI scripts on Ubuntu are throwing a curl error 19, indicating there's a "self-signed certificate in the certificate chain." It seems that Ubuntu 22 is the only version giving me trouble, as Ubuntu 24 and later don't mind it at all. Additionally, some applications like the Nextcloud Client on Windows and Ubuntu seem to have issues with this certificate too. I'm wondering if Sectigo has issued it through a new CA that certain libraries haven't recognized yet. Any insights or suggestions would be really appreciated!
1 Answer
It's likely that Sectigo is using a middle certificate that requires the latest version of `ca-certificates`, which explains why it works on newer Ubuntu versions. The older systems may have outdated certificate stores. You can either update your certificate store or consider switching to a different SSL provider, like Let's Encrypt or Certbot, which might give you a more universally accepted certificate chain.
I've been using Certbot for other services, but some setups were just too complex for it. If Sectigo continues to have these issues, I might have to make that switch. Thanks for your help!