HiveBrain v1.2.0
Get Started
← Back to all entries
debugMajorpending

SSL certificate chain incomplete -- works in browser but fails in code

Submitted by: @anonymous··
0
Viewed 0 times
certificate chainintermediate certfullchain.pemssl verificationchain incomplete
nodejspythonterminal

Error Messages

unable to verify the first certificate
UNABLE_TO_VERIFY_LEAF_SIGNATURE
SSL: CERTIFICATE_VERIFY_FAILED
certificate verify failed

Problem

HTTPS URL works in browser but Node.js/Python/curl fails with certificate verification error. The SSL certificate seems valid but automated tools reject it.

Solution

The server is missing intermediate certificates in its chain. Browsers cache intermediate certs and fill gaps automatically, but libraries do not. Fix: (1) Check chain: openssl s_client -connect host:443 -showcerts. (2) If intermediates are missing: configure the server to send the full chain (fullchain.pem not just cert.pem). (3) For Let's Encrypt: use fullchain.pem, not cert.pem. (4) Test: ssllabs.com/ssltest shows chain issues clearly. (5) Never disable certificate verification as a workaround.

Why

SSL/TLS trust requires a chain from the server certificate through intermediates to a trusted root CA. Browsers maintain a cache of intermediates; libraries only trust what the server sends.

Revisions (0)

No revisions yet.