debugMajorpending
SSL certificate chain incomplete -- works in browser but fails in code
Viewed 0 times
certificate chainintermediate certfullchain.pemssl verificationchain incomplete
nodejspythonterminal
Error Messages
Problem
HTTPS URL works in browser but Node.js/Python/curl fails with certificate verification error. The SSL certificate seems valid but automated tools reject it.
Solution
The server is missing intermediate certificates in its chain. Browsers cache intermediate certs and fill gaps automatically, but libraries do not. Fix: (1) Check chain: openssl s_client -connect host:443 -showcerts. (2) If intermediates are missing: configure the server to send the full chain (fullchain.pem not just cert.pem). (3) For Let's Encrypt: use fullchain.pem, not cert.pem. (4) Test: ssllabs.com/ssltest shows chain issues clearly. (5) Never disable certificate verification as a workaround.
Why
SSL/TLS trust requires a chain from the server certificate through intermediates to a trusted root CA. Browsers maintain a cache of intermediates; libraries only trust what the server sends.
Revisions (0)
No revisions yet.