Current check from my local machine:
$ openssl s_client -connect tracker.mxchange.org:443
CONNECTED(00000003)
depth=0 CN = tracker.mxchange.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = tracker.mxchange.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:CN = tracker.mxchange.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISBHB7eLZ80ckv6oD3NMCAcV8sMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTAyMDQwMjE5MjBaFw0yMTA1MDUwMjE5MjBaMB8xHTAbBgNVBAMT
FHRyYWNrZXIubXhjaGFuZ2Uub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEArB5sIFozAdrtd4+SJK2LYYLg+od6VoBYZITcElL9zIYOd1FvNFjB7F29
Yv0d7AIxXKsHhkFsqBzrUW69BLzWm5vl9lcYe7zaq04bRf7Fn6v+s0k9fAVFvTNr
GCxKmUjF10IINLe4vmoeMz+4vYrhTRCkIKYrbNP9FtnkgmYpqP4my73eqHAbiatR
v49vxt4anvn/NruhJKaBDQ0LSTTUAKoiD7+eLMo6o+FDNMOyfEH9HcD+AXkxyJYV
rLnunvzFW+DW3hjrcW+d4v7qaSxEV/LT2Qm00M+H0I/YNBSIjRGsUcihFfXJqhSY
RiYb4PCuTTO4o3uzMreQ1CmBcLO1kwIDAQABo4ICUDCCAkwwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBRr4z8FMQzgF/95QJcAZ49pBOUKgjAfBgNVHSMEGDAWgBQULrMX
t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0
dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu
Y3Iub3JnLzAfBgNVHREEGDAWghR0cmFja2VyLm14Y2hhbmdlLm9yZzBMBgNVHSAE
RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw
Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2
AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABd2sNKNoAAAQDAEcw
RQIgZEYAnVK3UidSuLtOYmOdD3+Wb1b38y9u4IhGVK+WzX4CIQCTsGIcLGhP7jE1
n9pI833vwWb4yb6Pma6NdlfsWNuWcQB3AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/
LmqXaJl+IvDXAAABd2sNKNsAAAQDAEgwRgIhAJgS4cajmkOZqRVojbeLHemvwQb8
X/EAAsWin8jyq6UjAiEA+HLPMMQCnewUtyKI06Og8CVb3FmOr4QRs5noFw5Vt2Yw
DQYJKoZIhvcNAQELBQADggEBAD/jeb4iCAAPtlziwI2pLEewh3TNIhycEFf5t4GJ
LfTEEjq0IjclJRbUF83Z5ZHWhS1W6tedVgCRhJFdPJOE097NunxeuMuguU/a+oUH
WRSbH7sanpqoXykVdKFP++2swWOnU947o9Oj0/986ykTe6YWT/gb2TR44nrkLnM0
NCDqC5C5JugbTr7O8KLMmx47zOPDFgKY/B/XwRBEO7HdOg1l/FjCKVFVULKfhBdW
8NnRFLGRUuj6RPXnUKdOVSJ72jhh/fVxaICf/Fv+HZX44zlSKnUTcYbSJKrTCu25
OpyqizzyhkhaLGtpumjLCIKzp1+u2Umkec1hmFxg/QCFjos=
-----END CERTIFICATE-----
subject=CN = tracker.mxchange.org
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3070 bytes and written 392 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 4784D31415D4070293C10CC8EF96134A52F5C1554EF55F801990B3154F2EE46E
Session-ID-ctx:
Resumption PSK: FE87932E7CFD3DA6A212022559A5D118FFD268F645CFEF1760DB799A89C56C6F04DF5F6CC682B96F51061BDADCA60FC9
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 35 28 20 06 a2 1d ea 19-0e a8 51 71 5d 5c 7a 43 5( .......Qq]\zC
0010 - 33 ae 6d d3 a7 05 cf a7-21 4b 45 b2 6e bf 51 1f 3.m.....!KE.n.Q.
0020 - d8 78 05 95 c0 95 2b 41-4f 8a ad 7f cd 24 93 81 .x....+AO....$..
0030 - e2 95 12 61 40 c2 ed 73-88 32 cb 91 96 b3 b9 8e ...a@..s.2......
0040 - 82 b5 2d c6 39 51 fb 0c-08 f4 ea db 80 c9 3b f8 ..-.9Q........;.
0050 - ed e9 3d 4b 1c 16 68 c4-07 6d ee ba 31 04 2c 20 ..=K..h..m..1.,
0060 - 35 c8 85 7e a0 92 56 e4-21 14 12 c1 af 1c df 7d 5..~..V.!......}
0070 - 70 8c fc dd de 89 dd 87-bc 35 ca 18 2d 5b c7 e4 p........5..-[..
0080 - 44 78 08 da 6f 9f 81 b8-f7 e1 38 5e e1 ec 80 7c Dx..o.....8^...|
0090 - ab 6d 5c 10 89 67 ad 14-9b 90 00 07 b9 6a 8d 87 .m\..g.......j..
00a0 - d1 e3 43 5e df ed fd 9a-ac b8 e1 fa 06 0b 0f d6 ..C^............
00b0 - 9f d1 85 55 39 f3 31 0a-06 6c 7c 7d 0e f8 bb bc ...U9.1..l|}....
00c0 - 0e 05 97 a1 af da b8 92-2a 4b 39 27 cd df c1 af ........*K9'....
00d0 - 63 c9 8f ab ea 61 87 42-aa 85 a3 d7 75 71 87 23 c....a.B....uq.#
00e0 - 91 80 64 77 cc 53 66 00-c2 fb 51 f1 86 e4 05 74 ..dw.Sf...Q....t
00f0 - 9f ad 83 2d e1 eb 5c dc-ae 9c 21 60 84 e9 6f 74 ...-..\...!`..ot
Start Time: 1613215188
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 019433D6AD6C9AF24C784449D3D2E7E7000B20C764A09433001A39AC91D28377
Session-ID-ctx:
Resumption PSK: E989322CE219A283B9C9AB71816B10D2DDECCF9D6033E54942C412F2564D455B566FF8000A746FCFFCA4F5E3B6349D83
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 35 28 20 06 a2 1d ea 19-0e a8 51 71 5d 5c 7a 43 5( .......Qq]\zC
0010 - 20 5d b3 33 c2 9b 5a 03-ce 98 f6 48 25 c0 b3 e1 ].3..Z....H%...
0020 - 34 5f 8e 0a 0b d7 f9 38-6f 31 dc 1e 8d c5 d4 2c 4_.....8o1.....,
0030 - 78 2d cd f8 5a 3c 73 00-4e 5d 6d a6 17 10 32 c8 x-..Z<s.N]m...2.
0040 - 2f a8 ab a1 4c 3a 28 1a-c1 ee 3b 19 80 20 3d 59 /...L:(...;.. =Y
0050 - 40 2b 1e 60 de 4b 2f eb-ee e3 c7 7a fe 4b e0 63 @+.`.K/....z.K.c
0060 - f5 6b 06 cb c8 5d 9a 18-fc f1 d1 04 d4 96 a7 c1 .k...]..........
0070 - fd bf 03 48 ae 08 b3 68-10 fb 36 bf 2c 70 dd 5a ...H...h..6.,p.Z
0080 - aa 05 19 7c 15 2e ce e0-64 5c b1 bf e4 e1 25 61 ...|....d\....%a
0090 - c0 24 38 4e 1e 9a a8 44-10 a0 ab 76 b8 0b 24 c7 .$8N...D...v..$.
00a0 - 21 26 41 93 63 45 a6 8d-d6 a9 c9 81 d1 7c df 54 !&A.cE.......|.T
00b0 - 36 ce 20 24 7c cc 3a 15-4a 27 62 d1 89 a7 f6 0c 6. $|.:.J'b.....
00c0 - 87 ec a9 d9 e5 93 60 bf-d0 3e 62 aa f6 c6 48 f3 ......`..>b...H.
00d0 - 64 2d b9 e8 5c 33 cb de-6b ab 31 d6 38 6a 49 6a d-..\3..k.1.8jIj
00e0 - 00 23 a5 80 01 b7 0e cd-89 e5 82 ce 2a 13 cb 81 .#..........*...
00f0 - 1b 3b 64 6d 16 40 78 8e-65 ef 21 2f bb 52 14 bb .;dm.@x.e.!/.R..
Start Time: 1613215188
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
The first certificate cannot be verified. I think it is the "base" certificate I locally created and self-signed. Do I have to reorder the certificates here? It did work for many years!