harvester sees SSLError SSLCertVerificationError when harvesting DOI source

[FuhuXia]

This error started a week ago when harvesting url https://datainventory.doi.gov/data.json

Harvester reports error:

ConnectionError getting json source: HTTPSConnectionPool(host='datainventory.doi.gov', port=443):
Max retries exceeded with url: /data.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer
certificate (_ssl.c:1129)'))).

curl shows the same kind of error:

$ curl -I  https://datainventory.doi.gov/data.json
HTTP/1.1 200 OK
Server: Caddy
Content-Length: 0

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

SSL certificate is fine for Chrome browser:

How to reproduce

Check harvest source /harvest/test-new-doi-datajson

[FuhuXia]

It appears the issue is on DOI side, their Digicert SSL certificate is incorrectly installed.

The server is not sending the required intermediate certificate.

https://www.digicert.com/help/
https://www.sslshopper.com/ssl-checker.html#hostname=datainventory.doi.gov

[hkdctol]

Awaiting answer from DOI

[jbrown-xentity]

In checking the cert via @FuhuXia 's link above, it's reported as valid now. So we should be able to re-harvest this source...

[jbrown-xentity]

Fuhu is correct, there is still a broken piece in the chain. Check curl (as per the description), or see here:

[FuhuXia]

All checks are green now. curl command is successful. datainventory.doi.gov has its SSL certificate fixed.