We just had this same issue come up when we installed a newly minted certificate just this last week. I've also seen it two other times...yet I'm slow to learn. In all 3 cases I had to get the "intermediate certificates" and install them. In other words My cert was good but it's signer or it's signer's signer wasn't correctly installed. Make sure you go to your certificate provider's site and get the correct intermediate certificates and install them as well on your server and then this warning will go away.

可能不仅仅是上面的原因，也可能是客户没有更新列表……但我会确保这不仅仅是你没有完全安装正确的证书，然后再到客户端，并确保他们的列表更新。

如果问题是一个已知的根CA缺失，并且当你使用ubuntu或debian时，那么你可以用这一行来解决问题:

sudo apt-get install ca-certificates

首先，需要安装SSL证书。说明(基于https://stackoverflow.com/a/4454754/278488):

pushd /usr/ssl/certs
curl http://curl.haxx.se/ca/cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ".pem"}'
c_rehash

以上已经足够修复curl了，但是wget需要一个额外的符号链接:

ln -sT /usr/ssl /etc/ssl

我有类似的问题，并通过暂时禁用我的反病毒(卡巴斯基免费18.0.0.405)修复了它。该反病毒具有HTTPS拦截模块，自动自签名它在HTTPS响应中找到的所有证书。

来自Cygwin的Wget对AV根证书一无所知，所以当它发现网站的证书与不信任证书签署时，它会打印这个错误。

要在不禁用AV的情况下永久修复此问题，您应该将Windows证书存储中的AV根证书以.pem文件(base64编码)的形式复制到/etc/pki/ca-trust/source/anchors中，然后运行update-ca-trust

如果您使用的是windows，只需转到控制面板，单击自动更新，然后单击windows更新网站链接。照着这一步做。至少这对我来说是有效的，没有更多的证书问题，即每当我像以前一样去https://www.dropbox.com。

只做

apt-get install ca-certificate