I'm seeking help with a MediaWiki 1.27.1 site that uses VisualEditor and parsoid. Everything worked perfectly until I switched from a non-secure site to using SSL (with a valid, commercial cert). Now I get an error 500 each time I try to launch VisualEditor. The problem goes away if I set:

parsoidConfig.strictSSL = false;

The cert is purchased from Comodo (PositiveSSL), not self-signed, and it yields a green padlock in Chrome.

I believe I'm using parsoid 0.6.1all on Ubuntu 16.04LTS. I also see Comodo root certs in /etc/ssl/certs.

The errors in the parsoid log are:

{"name":"../src/lib/index.js","hostname":"example","pid":23005,"level":40,"logType":"warning/api/unable_to_verify_leaf_signature","wiki":"example.com","title":"Home","oldId":null,"reqId":null,"userAgent":"VisualEditor-MediaWiki/1.27.1","msg":"Failed API request, {"error":{"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"},"retries-remaining":1}","longMsg":"Failed API request,\n{"error":{"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"},"retries-remaining":1}","levelPath":"warn/api/unable_to_verify_leaf_signature","time":"2016-12-07T01:00:28.297Z","v":0}

{"name":"../src/lib/index.js","hostname":"example","pid":23005,"level":40,"logType":"warning/api/unable_to_verify_leaf_signature","wiki":"example.com","title":"Home","oldId":null,"reqId":null,"userAgent":"VisualEditor-MediaWiki/1.27.1","msg":"Failed API request, {"error":{"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"},"retries-remaining":0}","longMsg":"Failed API request,\n{"error":{"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"},"retries-remaining":0}","levelPath":"warn/api/unable_to_verify_leaf_signature","time":"2016-12-07T01:00:28.333Z","v":0}

{"name":"../src/lib/index.js","hostname":"example","pid":23005,"level":60,"logType":"fatal/request","wiki":"example.com","title":"Home","oldId":null,"reqId":null,"userAgent":"VisualEditor-MediaWiki/1.27.1","msg":"Template Fetch failure for "Home": Error: unable to verify the first certificate","stack":"Error: Template Fetch failure for "Home": Error: unable to verify the first certificate\n at TemplateRequest.ApiRequest._requestCB (/usr/lib/parsoid/src/lib/mw/ApiRequest.js:395:15)\n at self.callback (/usr/lib/parsoid/node_modules/request/request.js:187:22)\n at emitOne (events.js:77:13)\n at Request.emit (events.js:169:7)\n at Request.onRequestError (/usr/lib/parsoid/node_modules/request/request.js:813:8)\n at emitOne (events.js:77:13)\n at ClientRequest.emit (events.js:169:7)\n at TLSSocket.socketErrorListener (_http_client.js:258:9)\n at emitOne (events.js:77:13)\n at TLSSocket.emit (events.js:169:7)\n at emitErrorNT (net.js:1256:8)\n at nextTickCallbackWith2Args (node.js:441:9)\n at process._tickCallback (node.js:355:17)","longMsg":"Template Fetch failure for "Home": Error: unable to verify the first certificate","levelPath":"fatal/request","time":"2016-12-07T01:00:28.340Z","v":0}

Any help appreciated! Dan