bastian@ryzen:~$ openssl version
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)

bastian@ryzen:~$ openssl s_client -showcerts -connect www.mueller.es:443
CONNECTED(00000003)
depth=0 serialNumber = HRA 720465, jurisdictionC = DE, businessCategory = Private Organization, C = DE, ST = Baden-W\C3\BCrttemberg, O = M\C3\BCller Holding GmbH & Co. KG, CN = www.mueller.es
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 serialNumber = HRA 720465, jurisdictionC = DE, businessCategory = Private Organization, C = DE, ST = Baden-W\C3\BCrttemberg, O = M\C3\BCller Holding GmbH & Co. KG, CN = www.mueller.es
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 serialNumber = HRA 720465, jurisdictionC = DE, businessCategory = Private Organization, C = DE, ST = Baden-W\C3\BCrttemberg, O = M\C3\BCller Holding GmbH & Co. KG, CN = www.mueller.es
verify return:1
---
Certificate chain
 0 s:serialNumber = HRA 720465, jurisdictionC = DE, businessCategory = Private Organization, C = DE, ST = Baden-W\C3\BCrttemberg, O = M\C3\BCller Holding GmbH & Co. KG, CN = www.mueller.es
   i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Extended Validation Secure Server CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Apr  9 00:00:00 2022 GMT; NotAfter: Apr  9 23:59:59 2023 GMT
-----BEGIN CERTIFICATE-----
MIIIHjCCBwagAwIBAgIRANsf0i2LeVPZYS705SpEWe0wDQYJKoZIhvcNAQELBQAw
gZExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE5MDcGA1UE
AxMwU2VjdGlnbyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVy
IENBMB4XDTIyMDQwOTAwMDAwMFoXDTIzMDQwOTIzNTk1OVowgbQxEzARBgNVBAUT
CkhSQSA3MjA0NjUxEzARBgsrBgEEAYI3PAIBAxMCREUxHTAbBgNVBA8TFFByaXZh
dGUgT3JnYW5pemF0aW9uMQswCQYDVQQGEwJERTEbMBkGA1UECAwSQmFkZW4tV8O8
cnR0ZW1iZXJnMSYwJAYDVQQKDB1Nw7xsbGVyIEhvbGRpbmcgR21iSCAmIENvLiBL
RzEXMBUGA1UEAxMOd3d3Lm11ZWxsZXIuZXMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQCleYOiFlOfVTJ3fgiBQuM7b6Asr2zDo37nmGgFb2PlmxH07SGM
N0QU4EgiL95skWbm9KtPA5mVTvB7tIUtQJ89bohtrrjAjs9KeEQzR7xqFgCUqiEq
ARGTiJUy8O80xgw5N7dpfbvDHmezNd+vqmh5i7yBicWD1LBqk1NoGLZ6BjcCqLct
sT77+Omeo5iV6nslyoy6Yb+TsiOOMCmH+J7GpmW8i198qq5mSkjaIltNLaXS5rF7
Od+OUSwoqi0Qr1en1/wblsTXHgOYEcS+O82HnTG2YDGBLanXwSyxqbbbwyql6xPK
1WOgLf2cJ/U7QplyrN058rgcp3Q2Z9PYP5SFjOnjeP8h712YCHpHVQP2vX5Be52g
32Rc6hprmpi4Xzbo9B+QNmQFtFTbbtkKd3i8+VJOvsKnl1zS0MBOjm7WG8QzAge1
D/WwEcvvdUNuFu2bwLvdt8Xd38rvW81b+ILQ3JEob5w/c1vmWWIPTEwDZgfhOhB6
d/ii5La0G+lO4AWH77ZrAXtwkvvWdDQnw/kZg5gocc9gegLbwnnC4Rhwo1TXfZF2
9t7l+BV8O2FJtc4HtQ21Srn5obmanggyHKcZ0t7JEel4H8UJMzFbc/QsFSz8mGGt
mltb525/oUj1VC1/Cnhjxyb7mJ+fe07xwCoBUOBS2muC3gVwdm4n4TNrHQIDAQAB
o4IDSjCCA0YwHwYDVR0jBBgwFoAULGn/gMmHkK404bTnTJOFmUDpp7IwHQYDVR0O
BBYEFBbaE7V8XJhB0mwXb8I9q4dnP/pLMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB
Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBA
MDUGDCsGAQQBsjEBAgEFATAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28u
Y29tL0NQUzAHBgVngQwBATBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLnNl
Y3RpZ28uY29tL1NlY3RpZ29SU0FFeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2
ZXJDQS5jcmwwgYYGCCsGAQUFBwEBBHoweDBRBggrBgEFBQcwAoZFaHR0cDovL2Ny
dC5zZWN0aWdvLmNvbS9TZWN0aWdvUlNBRXh0ZW5kZWRWYWxpZGF0aW9uU2VjdXJl
U2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNv
bTCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUArfe++nz/EMiLnT2cHj4YarRn
KV3PsQwkyoWGNOvcgooAAAGADmysiwAABAMARjBEAiApiHNK2CH4bllVj9pSVieh
rLA0uqoqChqOSXQJHrNw4QIgJL06Tn6YSyV0HsQXEEqfb/auqkUuuqftbmLeyixP
FjUAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAYAObK+eAAAE
AwBIMEYCIQD7Z9bW/jLHCU3ld7eEZWxHkgVyqEui2u+iY6yKIbjbtAIhAOKrjSmg
KhFk3lJO65JM7/ll4rFKAxTW3A++8ex11UkQAHYAejKMVNi3LbYg6jjgUh7phBZw
MhOFTTvSK8E6V6NS61IAAAGADmysUQAABAMARzBFAiEAxkeOM+zUYiNSZcQKiHhH
twdbudsSHaS2l/9bF4mu+bUCIHPRcXwh4YUjShtUylZ58vqR9rVIhdRpjnyWOQ+I
qZRnMBkGA1UdEQQSMBCCDnd3dy5tdWVsbGVyLmVzMA0GCSqGSIb3DQEBCwUAA4IB
AQBSWe4D5nHCIKVIXNkjcL/tOCj8hhoJ4YQnB+sHI5FS7us3PQ+P5Wev0vRAFGPA
BcZMo+ON+DJ7WyporvJWu5nfepS300dtW+VSXo7Qg5LZinhRRQ+ilDDiiVSG9fRS
gi/Ax7pqqOp9+7rHSfvVxqpYwQhziz5zkyWzt34YXPYQL+wa2Z0U/E/vm5U+wMs7
GZeDxsPOWzLL+taqDz+pYC/+A/zY+2efVEuuz2MKY9NtzhTD57GfnXRggeCy5uGI
xmjnm/rNTdNlWBOWG8uXJwA7kbq4qd/s82pbtp9kTw7LLVVsl8rdy16TTE77zJ8p
7QHNeOpjVbze0blnWJwE2/K8
-----END CERTIFICATE-----
---
Server certificate
subject=serialNumber = HRA 720465, jurisdictionC = DE, businessCategory = Private Organization, C = DE, ST = Baden-W\C3\BCrttemberg, O = M\C3\BCller Holding GmbH & Co. KG, CN = www.mueller.es
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Extended Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2894 bytes and written 396 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 187CDE6F98AEB7EA659433DF5C44D6C2BFD8996F7F135E030D524790983A505C
    Session-ID-ctx: 
    Resumption PSK: 7BDD1FB360E5B86CA742EC49F0970B4B974EF57AE14C3FA3A3B1D76CDB8BF281E1467A2B72FED81664708577E4E93F50
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
    0000 - da 28 fe ec 1a 86 34 f1-3f 51 90 38 96 f1 9f e1   .(....4.?Q.8....
    0010 - bf 97 d2 7b d0 0e a9 45-12 98 d9 9c 15 fc df 41   ...{...E.......A
    0020 - 66 c2 07 21 8d a0 33 66-2c 65 bc 25 16 36 e2 ae   f..!..3f,e.%.6..
    0030 - b9 ec 16 79 13 b7 7d 65-42 be 45 a2 2b 30 71 b1   ...y..}eB.E.+0q.
    0040 - 6f b4 41 16 46 f9 39 f1-96 49 e8 c0 e6 a2 c5 bd   o.A.F.9..I......
    0050 - 26 59 0b 6a f9 cd c3 68-98 7c 23 f8 4c 55 41 72   &Y.j...h.|#.LUAr
    0060 - c2 f6 40 21 b9 d0 31 be-d3 a6 92 dd 3c c6 6c 7e   ..@!..1.....<.l~
    0070 - 1b b3 a9 66 31 1a 6f 11-9f 83 79 d4 00 6f e5 d5   ...f1.o...y..o..
    0080 - 7b 49 e3 bb 98 e2 19 c5-0d 6b e7 5c 09 88 6d 87   {I.......k.\..m.
    0090 - 6b cc 1a 3e fb cb 67 c7-fd 51 f5 d0 22 0b 70 12   k..>..g..Q..".p.
    00a0 - 2b 29 91 d0 38 bf bf 0f-1e 38 e9 60 4a 9a 5b 4b   +)..8....8.`J.[K
    00b0 - a3 d1 25 0b 33 61 f1 f5-02 58 5e 92 43 07 16 ef   ..%.3a...X^.C...
    00c0 - 0c e4 5c a8 74 a5 a5 13-bb 68 2f 0e 71 94 68 12   ..\.t....h/.q.h.

    Start Time: 1665215444
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 09398D3522712B1F0606A51F495CE1D2F0692F0518B0C36961B89FBA1069662A
    Session-ID-ctx: 
    Resumption PSK: 15C7FAD6E7E8844BCBD5B524C5E85A80A1DA95964E8A49873CF0FCD55D2C0DDF72429C0B5ACDCBCF7E5467C5106206C9
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
    0000 - da 28 fe ec 1a 86 34 f1-3f 51 90 38 96 f1 9f e1   .(....4.?Q.8....
    0010 - d2 62 aa bc 94 be cc 7b-d9 bf 6e da eb e0 1f 43   .b.....{..n....C
    0020 - 99 84 88 83 2e 64 b0 73-19 16 c9 ad 04 cf 02 74   .....d.s.......t
    0030 - 9c 60 48 7c ef 5a 87 8f-2b 1d bf 8b 1f 48 45 3a   .`H|.Z..+....HE:
    0040 - 10 90 cb 0e 8c b4 9f 45-9e db c6 df 36 f1 9f 49   .......E....6..I
    0050 - 82 2d 31 6a 5e 2b cb 01-3f 0e 26 25 15 3f a4 7e   .-1j^+..?.&%.?.~
    0060 - d9 71 09 bb 6d 6d 78 3a-c0 b9 52 53 ed d6 8c b9   .q..mmx:..RS....
    0070 - 95 15 93 7d 98 b4 80 04-13 72 13 21 89 11 26 be   ...}.....r.!..&.
    0080 - fc e4 61 76 b7 0a 58 42-91 93 12 e3 0f 5a 0e d6   ..av..XB.....Z..
    0090 - f9 3f e1 31 a7 f0 f8 5a-3b 71 55 ed a0 71 84 29   .?.1...Z;qU..q.)
    00a0 - 54 1a 9e 2e 7d 4f a4 08-b3 cc a3 0f 03 6e b7 f6   T...}O.......n..
    00b0 - 15 4b 6d bc 3a ca f6 06-83 cc 36 dc 31 89 eb b9   .Km.:.....6.1...
    00c0 - cf 39 b3 70 a8 bc 7b 52-88 9c 49 66 20 2b ec 37   .9.p..{R..If +.7

    Start Time: 1665215444
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK