Open Nav

How to Fix “Unable to Verify the First Certificate” Error

You’re trying to access a website or make an API call and — boom — you’re hit with an error: “Unable to Verify the First Certificate.” Panic? No! We’re going to break this down, figure out why it happens, and fix it step-by-step.

What Does This Error Mean?

This error is all about SSL certificates. When you visit a site that uses HTTPS, your browser checks its certificate. If something’s off, you’ll get an error message. “Unable to verify the first certificate” means your browser or app can’t trust that certificate chain. In other words, it’s missing a link in the chain that proves the site is secure.

It’s like being introduced to someone new without knowing their references. You ask, “Who vouches for you?” and they shrug. Not a good sign!

Why Am I Seeing This Error?

There are a few main reasons this might happen:

  • The server didn’t send all the required certificates.
  • The certificate is self-signed or from an unknown authority.
  • The intermediate certificate is missing.
  • Your app or browser is old and doesn’t recognize modern certificate chains.

Okay, now that we know why, let’s look at how we can fix it.

Fix #1: Check the Certificate Chain

Start by inspecting the site’s SSL certificate. You can use tools like:

Just enter the site URL and these tools will tell you if any certificate is missing. If the intermediate certificate isn’t served, that’s your likely issue.

SSL Certificate- Not Secure

Fix #2: Add the Missing Intermediate Certificate

If you manage the server, you’re responsible for sending all the certificates. This includes:

  1. Your site’s certificate
  2. Intermediate certificate(s)
  3. The root certificate (optional but often included)

Fixing this means updating your server’s certificate file to include the right chain. Most SSL providers offer a “bundle” or “chained certificate” file. Use that!

For example, on an Apache server:

SSLCertificateFile      /path/to/site.crt
SSLCertificateKeyFile   /path/to/site.key
SSLCertificateChainFile /path/to/intermediate_bundle.crt

Restart your web server after making the change.

Fix #3: Update Your Certificate

Maybe your certificate is just out of date or no longer trusted (it happens!).

Let’s Encrypt stopped supporting certain DST Root CA certificates in 2021. If your system or browser hasn’t kept up, that’s a problem.

To fix:

  • Renew your certificate from a trusted CA like Let’s Encrypt, DigiCert, or Sectigo.
  • Make sure your tools (like Node.js or curl) are using updated root certificates.

Trust is the issue here. New certificate = new trust.

Fix #4: Use the Full Certificate Chain in Code

If you’re calling an API from Node.js or a backend system, you may need to pass the full certificate chain manually. This is key when the target server doesn’t have all certificates set up correctly.

A bad server setup shouldn’t break your code, but sadly, it can.

Here’s an example in Node.js using https and axios:


const fs = require('fs');
const https = require('https');
const axios = require('axios');

const agent = new https.Agent({
  ca: fs.readFileSync('complete_chain.pem')
});

axios.get('https://example.com', { httpsAgent: agent })
  .then(response => console.log(response.data))
  .catch(err => console.error('Error:', err));

NOTE: You should get the correct CA file from the certificate issuer and not skip verification (no rejectUnauthorized: false here!) unless it’s for a test.

Fix #5: Check Client Environment

If you’re not the server owner, the problem could be on your end. Yes, you!

SSL errors can be caused by outdated software, expired root CAs, or misconfigured tools. Here’s what to do:

  • Update your operating system. Older systems might lack root certificates.
  • Update browsers like Chrome or Firefox.
  • Bump versions of Node.js, Python, OpenSSL, or Curl depending on your stack.

Fix #6: Don’t Disable Verification (Seriously)

You might be tempted to skip verification with flags like:

  • NODE_TLS_REJECT_UNAUTHORIZED=0
  • curl --insecure

Don’t do it! It’s like taping over the “Check Engine” light instead of fixing your engine.

You’re disabling security. And that’s never a good idea, especially in production.

Common Use Case: Node.js Issues

Node often throws this error when:

  • The server didn’t send the full cert chain
  • The local root store is missing entries
  • You’re behind a corporate proxy with intercepted certs

To fix in Node without disabling security:

  1. Update Node to the latest version.
  2. Use a custom CA file as shown above.
  3. If using Axios or Fetch, pass a custom agent or cert bundle.

Bonus Tip: Test with OpenSSL

Use this command to see what certs are returned:


openssl s_client -connect example.com:443 -showcerts

You’ll see the certificate chain as sent by the server. Count the certs! Missing one? There’s the issue.

Recap: Fixing the First Certificate Error

This can be tricky. But now you know how to fight back!

Steps to take:

  1. Check the certificate with an online tool
  2. Add any missing intermediate certificates to the server
  3. Renew or update outdated SSL certificates
  4. Ensure client software is up-to-date
  5. Use full certificate chains in your app code

This nasty certificate error is no match for your new skills.

Closing Thoughts

Errors like “Unable to Verify the First Certificate” can feel like roadblocks. But in reality, they’re just little mysteries. Once you understand SSL — the puzzle starts to make sense.

Stay calm. Think technically. Solve smartly. And don’t forget to keep your software and certificates updated.

Happy debugging!

Published on September 15, 2025 under .

Emily Harris