Some data: - ISPConfig Version: 3.1.15p2 - Ubuntu 16.04 (up-to-date) (php 7.0.33-0ubuntu0.16.04.7) - Set up with the Perfect Server tutorial (thanks for that!) - site configuration: SuExec on, Own Error-Documents on, Auto-Subdomain www, SSL on, Let's Encrypt SSL on, PHP: Fast-CGI, PHP version default This works fine in browsers. There is a PHP script on the server that tries to access its own frontend using file_get_contents(). This produces some errors: Core: Error handler (BE): PHP Warning: file_get_contents(http://www.bordercollies.nl/index.php?id=71&L=0): failed to open stream: operation failed in /web/typo3conf/ext/solr/Classes/IndexQueue/PageIndexerRequest.php line 407 Core: Error handler (BE): PHP Warning: file_get_contents(): Failed to enable crypto in /web/typo3conf/ext/solr/Classes/IndexQueue/PageIndexerRequest.php line 407 Core: Error handler (BE): PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /web/typo3conf/ext/solr/Classes/IndexQueue/PageIndexerRequest.php line 407 These errors are produced consistently with various URLs. If I request the same URLs with wget the contents are retrieved without errors. Next, verification with openssl: # openssl s_client -servername bordercollies.nl -connect bordercollies.nl:443 </dev/null CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = bordercollies.nl verify return:1 --- Certificate chain 0 s:/CN=bordercollies.nl i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 i:/O=Digital Signature Trust Co./CN=DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- MIIGbzCCBVegAwIBAgISA/wKd40IDqAURGDiioe5EWV9MA0GCSqGSIb3DQEBCwUA [...] 9WvUob9WTyXWEOqbVpHxSMhYqA== -----END CERTIFICATE----- subject=/CN=bordercollies.nl issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3795 bytes and written 456 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: ACBE3B84C3DF889D54[...]9EDCA649C560E6247EF7 Session-ID-ctx: Master-Key: E653B6F7239041BE93[...]F5DF7D9FF09DFFC9CAF Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 6d b0 ea 67 66 72 aa 10-b8 d1 4e b7 05 9d 49 f1 m..gfr....N...I. [...] 00c0 - 6d 32 78 bc 65 38 2e 93-dd 49 89 bd f0 d0 83 12 m2x.e8...I...... Start Time: 1578525021 Timeout : 300 (sec) Verify return code: 0 (ok) --- DONE Let's Encrypt certificate seems fine, but somehow PHP doesn't accept it. Is there something missing in the PHP configuration? Thanks for any ideas to solve this! Regards, Jigal.