SSL unable to get local issuer

If you have installed an SSL certificate and appears to work fine in the browser, but does not work on places like the W3 feeds validator or iTunes Connect, a good way to debug it is to use cURL from the command line.

You may get back an “unable to get local issuer certificate” error.

$ curl https://www.your-domain.com/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

If so, this means that you have successfully installed your SSL certificate, but you have not included the intermediate certificates. These form an essential part of the chain up to the root certificate and need to be included when you install it.

They are typically distributed in .bundle files that come with your .crt file.

Leave a Reply