Different SSL verification response on Let's Encrypt root CA


I have a very pesky SSL/TLS issue. The following command runs well on platform A, as shown:

openssl s_client -showcerts -connect space.example.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = example.com
verify return:1

and

SSL handshake has read 4692 bytes and written 452 bytes
Verification: OK

and

Verify return code: 0 (ok)

However, when I run the same command on another machine, which is the one hosting the endpoint itself, I get:

openssl s_client -showcerts -connect space.example.com:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=2:unable to get issuer certificate
issuer= O = Digital Signature Trust Co., CN = DST Root CA X3

Later in the output it shows:

SSL handshake has read 4661 bytes and written 415 bytes

and then

Verify return code: 2 (unable to get issuer certificate)

I may be doing it wrong, but I think the right CA root certificate from Let's Encrypt needs to be added to the second host with the problem, but my attempts don't seem to have worked yet. The host is CentOS 7, and I tried creating a crt file in the /etc/pki/ca-trust/source/anchors/ directory and running update-ca-trust extract, but that didn't fix it.

Curling the endpoint does not seem to have any issues; it appears that the issue is with openssl commands.

Your assistance is appreciated. Thanks.
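
A triage helper for comparing the two transcripts above, added here as an example (it is not part of the original question): it reduces `openssl s_client` output to one line per chain depth, so the certificate that failed and the issuer OpenSSL could not find stand out. The function names are hypothetical, and the two sample transcripts are constructed from the excerpts in the question.

```shell
#!/bin/sh
# Added example: summarise the verification part of `openssl s_client` output.
# Prints "depth|status|subject CN|issuer CN not found" per chain element,
# then "result|code|text" taken from the "Verify return code" line.
summarize_verify() {
    awk '
    function cn(s) { sub(/^.*CN ?= ?/, "", s); return s }
    function flush() {
        if (depth != "") printf "%s|%s|%s|%s\n", depth, status, subject, issuer
        depth = ""; status = ""; subject = ""; issuer = ""
    }
    /^depth=[0-9]+ / {
        flush(); depth = $1; sub(/^depth=/, "", depth)
        subject = cn($0); status = "unknown"; next
    }
    /^verify error:num=/ { split($0, p, ":"); sub(/^num=/, "", p[2]); status = "error=" p[2]; next }
    /^verify return:1/   { if (status == "unknown") status = "ok"; next }
    /^issuer=/           { if (depth != "") issuer = cn($0); next }
    /^---/               { flush(); next }
    /Verify return code: / {
        flush(); s = $0; sub(/^.*Verify return code: /, "", s)
        code = s; sub(/ .*$/, "", code)
        sub(/^[0-9]+ \(/, "", s); sub(/\).*$/, "", s)
        printf "result|%s|%s\n", code, s
    }
    END { flush() }'
}
# Print the first chain element whose verification did not return ok.
first_failure() { summarize_verify | awk -F'|' '$1 != "result" && $2 != "ok" { print; exit }'; }
# Constructed transcripts, abbreviated from the two runs quoted in the question.
sample_host_a() { cat <<'EOF'
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = example.com
verify return:1
---
Verify return code: 0 (ok)
EOF
}
sample_host_b() { cat <<'EOF'
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=2:unable to get issuer certificate
issuer= O = Digital Signature Trust Co., CN = DST Root CA X3
---
Verify return code: 2 (unable to get issuer certificate)
EOF
}
sample_host_b | first_failure
```

Against a live endpoint, pipe `openssl s_client -showcerts -connect space.example.com:443 </dev/null 2>&1` into `summarize_verify` on each host and compare the two summaries; the `2>&1` is needed because s_client writes the `depth=` and `verify` lines to stderr.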
