I set up my site I have ssl setup and working, works fine in chrome, works fine for postman. For whatever reason it does not work when twilio or curl trys to access it. It gives me a unable to get local issuer error.
The url im trying to get to work is https://anova.me/call/voice?phoneNumber= which is a post endpoint
I have setup a rails 4 webapp running on unicorn and nginx. The ssl cert i got from comodo
You can try https://anova.me/ and see that it works. My nginx looks like:
upstream app_server {
server unix:/var/run/unicorn.sock fail_timeout=0;
}
server {
listen 80;
root /home/rails/companiontv/public;
server_name anova.me;
index index.htm index.html;
listen 443 ssl;
ssl on;
ssl_certificate /home/rails/anova_me.crt;
ssl_certificate_key /home/rails/anova.key;
location / {
try_files $uri/index.html $uri.html $uri @app;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
try_files $uri @app;
}
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_pass http://app_server;
}
Best Answer
Your site does not provide the necessary chain certificates. This is visible from the SSLLabs report:
Chrome on Desktop tries to actively work around this problem but other clients like curl or most mobile browsers don't work around such broken setups.
To fix you need to add the missing certificate (i.e. the extra download) to the file used for the
ssl_certificate
setting. Many CA issuers actually provide documentation on how to use their certificates with different servers so maybe you should have also a look there.Apart from that there are other serious problems with the SSL setup of the site, see the SSLLabs report for full details.