curl: (60) SSL certificate problem: unable to get local issuer certificate

I have an Ubuntu 18 server. I have a domain name registered with LetsEncrypt. When I try to CURL my own server from my own server, I get the following error. I have verified that this domain name is not in /etc/hosts.

Do I need to update some Ubuntu18 certs? Thanks for any information.

(P.S. - this is because a Wordpress installation on this server is POSTing back to itself).

$ curl -v
*   Trying
* Connected to ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

2 Replies

Most likely a server config error.

The server's SSL certificate needs to be set as fullchain.pem and not cert.pem

The former contains the necessary intermediate certificates to chain the leaf cert to a well-known anchor. The latter, only the leaf cert which may not validate.

[SOLVED] Thanks, that helped. Here's what it was.

First - i determined that something was wrong with my server by trying the Curl command on another Ubuntu instance. It got the same error.

I was indeed missing the 'full chain.' I had been using a very old version of for obtaining a cert from LetsEncrypt. (My version was from 2017). Newer versions automatically include the intermediate in the returned cert.

I got the new version of, ran it to obtain the new cert, restarted the server, and all is well.

Thanks for the pointer.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct