I remember someone signing up to Hexadecimal and adding 19 websites in a very short time. One of them was marked down straight away. What threw me off was that the website was accessible from the browser but not the command line (unlike anything I had seen before). So something along these lines:
```
$ curl -v https://incomplete-chain.badssl.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it.
```
After trawling through various mailing lists for about 2 hours and poking around the command line, I found out that their web server was misconfigured such that it had a missing (intermediate) certificate in the chain. Browsers can work around this by using the Authority Information Access extension (AIA) to download missing certificates in the chain, while curl (and OpenSSL) can’t do that. I had to manually add the missing certificate to all my servers and update the certificate store before the problem was gone.
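The failure and both fixes can be reproduced offline. The script below is an added example, not part of the original post: it builds a throwaway root, intermediate and leaf with the `openssl` CLI (all names and file paths are constructed) and verifies the leaf three ways. It assumes `openssl` 1.1.1 or later is installed.

```shell
#!/bin/sh
# Constructed lab PKI (root -> intermediate -> leaf); all names are made up.
make_chain() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=unused\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cfg"
    # Self-signed root: the only certificate the client trusts at first.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/cfg" -extensions ca \
        -subj "/CN=Constructed Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" \
        -subj "/CN=Constructed Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
        -extfile "$d/cfg" -extensions ca -days 1 -out "$d/int.pem" 2>/dev/null
    # Leaf (server) certificate, signed by the intermediate.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" \
        -subj "/CN=leaf.example" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
        -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Misconfigured server: only the leaf is presented, client trusts only the root.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Correct server: leaf and intermediate are presented; the intermediate is
# untrusted input that only helps build the path to the trusted root.
verify_full_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

# Client-side workaround from the post: intermediate added to the trust store.
verify_patched_store() {
    cat "$1/root.pem" "$1/int.pem" > "$1/bundle.pem"
    openssl verify -CAfile "$1/bundle.pem" "$1/leaf.pem" 2>&1
}

LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
make_chain "$LAB"
echo "leaf only:     $(verify_leaf_only "$LAB")"
echo "full chain:    $(verify_full_chain "$LAB")"
echo "patched store: $(verify_patched_store "$LAB")"
```

The leaf-only case fails with the same "unable to get local issuer certificate" error curl reported. The full-chain case is the server-side fix, and it needs no change on any client.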
Soon after I found out about the issue, I shot them an email letting them know that I was working on it. After I solved it, I prepared a short postmortem describing what went wrong.