Hi @Heryk,
Sub filter with Nginx is great, this makes maintenance a lot easier because you can pull container updates without having to worry about overwriting with your own xml each time.
We have narrowed in that this is a certificate issue specifically for the pods making requests. I suggested python because that is the same package/language that specify is using, but I don’t think that it has to be python+requests specifically. What I believe will matter more is that whatever is making the request has the same access to certificate intermediate information as requests does when making the request.
I can replicate the error by using the following
import requests
request = requests.get("https://incomplete-chain.badssl.com")
print(request.text)
Running curl will also get me the same error
curl "https://incomplete-chain.badssl.com"
If you run curl from inside of one of the pods against https://mycology.devsp.cfs.nrcan.gc.ca/web_asset_store.xml
can you reproduce the error?