I appended the file Go_Daddy_Root_Certificate_Authority_-_G2.pem to the end of server.crt. BTW, that same file is in /etc/ssl/certs on my device as well.
It is still getting the same error. I did discover that when catting the SSL cert I saved, I saved it on a Windows system so I had ^M at the end of each line of the cert, but I removed them with a global replace in vi and still get the error. Just in case there’s a minor variation I’m not picking up on, I’ll paste the stdout and stderr of the openssl s_client command below:
Verify return code: 21 (unable to verify the first certificate)
– INSERT – 7,25 Top
CONNECTED(00000003)
Certificate chain
0 s:OU = Domain Control Validated, CN = *.lcecorp.com
i:C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
Cert deleted by poster.
-----END CERTIFICATE-----
Server certificate
subject=OU = Domain Control Validated, CN = *.lcecorp.com
issuer=C = US, ST = Arizona, L = Scottsdale, O = “GoDaddy.com, Inc.”, OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 2421 bytes and written 445 bytes
Verification error: unable to verify the first certificate
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: E61B459E83053B93DEDEF154103637A3088CB29740B62AA6F42B64D8D70FE0AD
Session-ID-ctx:
Master-Key: 0A3892E87ED036EBAAA3879DBDE84FFD60C4E0A3296CB9C65B876A5C8CBA517D79A24FA708F5D975C64F1CD2B216B83D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 79 32 09 22 97 b7 69 35-5d 4a d5 69 f6 5a ca 94 y2."…i5]J.i.Z…
0010 - fb 8f a5 96 8e 58 90 09-77 eb 32 1f 63 2e f6 72 …X…w.2.c…r
0020 - bb 1c 18 8a 97 73 63 68-5a 71 e3 7e cd 1b 36 46 …schZq.~…6F
0030 - 7e b5 e5 11 ca a1 06 4e-17 93 79 9b c5 c0 92 8b ~…N…y…
0040 - dd c2 d8 f1 3c 11 b0 f5-0d b7 c3 30 5e d5 a6 45 …<…0^…E
0050 - f6 40 6d 89 c3 a2 d1 b4-b0 e1 60 52 e2 ad aa 45 .@m…`R…E
0060 - 0a 59 8c 0e df a0 98 03-db d3 5d 78 47 c4 4e ca .Y…]xG.N.
0070 - 4f 99 94 ec 69 fc 0a 36-bd 76 13 d0 0d 37 e3 0e O…i…6.v…7…
0080 - 9a e9 3b 75 56 41 67 7f-e0 df ec be da 77 4f e0 …;uVAg…wO.
0090 - 48 8f 7e e4 6d b4 ae b0-4b 4c 35 0b 18 e0 58 22 H.~.m…KL5…X"
00a0 - 89 6b ff fe de 9a 77 46-3a 32 77 48 af e6 d7 f7 .k…wF:2wH…
00b0 - 0b cc a4 89 da 12 04 ee-ec b0 d5 7b d5 48 54 70 …{.HTp
00c0 - dc 8f 44 4f a6 16 b5 d5-f0 88 42 09 32 ee 3b 56 …DO…B.2.;V
Start Time: 1613702672
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended
and the stderr…
depth=0 OU = Domain Control Validated, CN = *.lcecorp.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = *.lcecorp.com
verify error:num=21:unable to verify the first certificate
verify return:1