Hey everyone, I recently got a new wildcard certificate from Sectigo, but I'm running into some validation issues. While browsers and SSL Labs seem to accept it without trouble, my CLI scripts on Ubuntu are throwing a curl error 19 that says there's a "self-signed certificate in certificate chain." Interestingly, Ubuntu 22 gives me this error, but newer versions (like Ubuntu 24 and up) don't seem to have a problem with it. I've also noticed that certain applications, like the Nextcloud Client on both Windows and Ubuntu, are also struggling with the new certificate. Could this be because Sectigo might be using a new CA that isn't included in all libraries yet? Any insights would be greatly appreciated!
1 Answer
It sounds like Sectigo might be using a middle certificate that's not compatible with older versions of `ca-certificates`. That's likely why it works well on Ubuntu 24 but not on 22. It might be worth updating your certificate store on the older OS. Another option could be switching to a different SSL certificate provider like Let's Encrypt or Certbot, which may offer you a more universally accepted certificate chain. Just something to consider!

I've used Certbot for many setups before, but some configurations were pretty tricky. If Sectigo keeps having these issues, maybe switching will be my best bet. Thanks for the tip!
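
The following is an added example, not part of the original thread. OpenSSL reports "self-signed certificate in certificate chain" as verify error 19 when the chain a server sends ends in a root the local trust store does not contain; this throwaway lab reproduces that case and shows it clearing once the root is in the store. All certificate names and file names are constructed for the demonstration.

```sh
#!/bin/sh
# Constructed lab: throwaway root -> intermediate -> leaf, checked against an
# "old" trust store (lacks the root) and an "updated" one (contains it).
# Every name here (Lab Root, Old Root, www.example.test) is made up.

new_csr() {  # new_csr NAME CN : writes NAME.key and NAME.csr
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_lab() {  # make_lab DIR : build the hierarchy and both trust stores in DIR
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    new_csr root "Lab Root"; new_csr old "Old Root"
    new_csr int "Lab Intermediate"; new_csr leaf "www.example.test"
    # Two self-signed roots: the new one, and an unrelated one already trusted.
    openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext -out root.pem
    openssl x509 -req -in old.csr -signkey old.key -days 2 -extfile ca.ext -out old.pem
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -days 2 -extfile ca.ext -out int.pem
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -days 2 -out leaf.pem
    cat int.pem root.pem > sent_with_root.pem   # server also sends the root
    cp int.pem sent_without_root.pem            # server sends the intermediate only
    cp old.pem store_old.pem                    # client store before the update
    cat old.pem root.pem > store_updated.pem    # client store after the update
  ) >/dev/null 2>&1
}

verify_code() {  # verify_code STORE SENT LEAF : prints 0, or OpenSSL's error number
  if out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1); then
    echo 0
  else
    printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1
  fi
}

LAB=$(mktemp -d) && make_lab "$LAB"
for store in old updated; do
  for sent in with_root without_root; do
    echo "store=$store sent=$sent -> $(verify_code \
      "$LAB/store_$store.pem" "$LAB/sent_$sent.pem" "$LAB/leaf.pem")"
  done
done
```

Error 20 ("unable to get local issuer certificate") in the second case is the same missing root seen when the server does not send it. On the affected host, the same `openssl verify` call with `-CAfile /etc/ssl/certs/ca-certificates.crt` and the chain the server actually sends shows which case applies.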