SSL Certificate Problem: Self signed certificate in certificate chain

Hi All,

I have an issue with SSL cert where I need your appreciated help to fix it.

I’ve re-installed my HA, set remote access via duckdns using instruction of Effortless encryption with Let’s Encrypt and DuckDNS - Home Assistant (home-assistant.io)

I have the following error when I try to integrate cert_Expiry sensor

Certificate validation error: xxxxxxx.duckdns.org [self signed certificate in certificate chain]

After reading many days and looking for solution I could not fix it. Please Help me! :slight_smile:
in SSH I can get with curl -v command the following:

~ $ curl -v https://xxxxxxxx.duckdns.org
*   Trying 84.225.xxx.xxx:443...
* Connected to xxxxxxxx.duckdns.org (84.225.xxx.xxx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations: 
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11): 
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate in certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

With SSL checker:

image

For me everything looks fine. I also read the mentioned web page but no clue how to resolve!
A beer is offered for the solution!!! :smile:

did you solve?
I have the same issue…

And? Got drunk?

I hope so and that you will share the solution, because I’ve got the same issue here and have no clue how to solve it.

Regards,
Wolk9

Hi Wolk9,
if I check the certicate wtih e.g. ssllabs.com or sslshopper.com, the certificate is valid and I checked it has been renewed correctly (I’m using Caddy on docker).

sslshopper:

ssl labs:

so it seems the issue is internal due to my fiber modem so at the end I decided I can survive without the Certificate Expire in HA…