...
Numerous problems related to TLS encryption come down to a simple reason: The web server is configured improperly.
More specifically, many web servers - (especially ones not facing the internet - ) lack the full certificate chain. They only serve their server certificate.
Reason
Technically, TLS encryption works with only the server certificate, but to verify the trust, you need the chain.
Modern browsers assemble the certificate chain themselves, which covers up the issue of a missing chain, but many CLI tools and programming languages expect the chain from the web server.
...