INCF website not sending a complete certificate chain

Currently, if you attempt to fetch through a command-line tool or library (like Python requests), you get an SSL failure:

❯ curl -sSL
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here:

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Checking SSLLabs, this is because the intermediate signing certificate is not being sent by the server:

It looks like an old certificate bundle is being used. DigiCert root and intermediate CA certificate updates 2023 indicates that the chain being sent corresponds to the pre-2023 chain, while the certificate is actually signed by “RapidSSL TLS RSA CA G1”.

@PradeepGeorge Not sure who to ping about this. I think all that’s required is to re-download a certificate bundle from RapidSSL and deploy it.

Note, this issue was discovered due to the persistent failures of in the BIDS link checking CI test.

@effigies Thanks for checking and informing us. Really appreciated. I will forward the details to our network admin.

@effigies Can you check whether it is working now?

Looks great, thanks!