This error generally happens when your website’s certificate chain is incomplete. When an intermediate certificate authority signs your SSL certificate, you need to install this intermediate certificate on your server.
Related articles:
How certificate chains work
How certificate chains work
Verify your certificate chain
To verify the validity of your certificate chain, you can use OpenSSL:
Shell
openssl s_client -showcerts -connect algolia.com:443 -servername algolia.com
- If the chain is valid, you should see
Verify return code: 0 (ok)
at the end, and no errors in the output.
- If it’s invalid, you should either get:
-
Verify return code: 21 (unable to verify the first certificate)
at the end. -
Or errors in the verifications steps, such as:
Shell
-
CONNECTED(00000005)
depth=0 C = FR, L = PARIS, O = Algolia, CN = Algolia.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = FR, L = PARIS, O = Algolia, CN = Algolia.com
verify error:num=21:unable to verify the first certificate
verify return:1
You can also do the check online.
Fix your server
The correct way to bundle the intermediate certificates depends on your web server. What’s My Chain Cert explains how to fix the issue for many popular web servers.