This issue is confirmed on Python 3.13 and later, but it may also occur in any modern application that attempts to connect to VirtoCommerce over HTTPS when HTTPS is configured directly in the .NET application rather than through a reverse proxy.
A bug in .NET prevents it from exposing the full certificate chain (Certificate Authority → Intermediate Certificate Authority → Server Certificate) when an HTTPS connection is established. As a result, clients receive an incomplete chain, which leads to an “Unable to get local issuer certificate” error on Linux and similar errors on other systems, meaning the connecting application cannot verify the full chain because the CA or intermediate certificate is missing.
This issue occurs only when the connection is made from another application, since browsers such as Google Chrome can automatically fetch missing certificates.
To fix the issue, you can:
-
Disable certificate verification completely (but restrict this to localhost only, as otherwise it introduces a security vulnerability).
-
Use a reverse proxy to handle HTTPS connections.
The bug exists in all .NET versions, including the latest .NET 10.