Hello,

while setting up our Docker build we noticed that curl calls to https://www.princexml.com/ fail inside an Alpine Linux container with the following error:

curl: (60) SSL certificate problem: unable to get local issuer certificate

When checking with openssl s_client, the server only provides the leaf certificate for www.princexml.com, issued by:

Issuer: Sectigo Public Server Authentication CA OV R36

However, the corresponding intermediate certificate ("Sectigo OV R36") is not included in the TLS chain sent by the server.
As a result, clients such as curl (and other tools that do not perform AIA fetching) cannot validate the certificate chain.

Web browsers automatically retrieve the missing intermediate certificate, so this issue is not visible there. But in headless environments (e.g. Docker/Alpine CI pipelines) the TLS verification fails.

Recommendation:
Please configure the server to send the complete certificate chain, including the intermediate certificate, so that standard clients can verify the connection successfully.

Sorry for the inconvenience, the SSL certificate was just updated today. I have fixed the certificate chain now, can you confirm that it works for you?

Thank you for the quick fix! I’ve just tested it again, and the certificate chain now works correctly, curl in Alpine is able to verify the connection without any issues.

Really appreciate the fast response.