Did you try this already?
I’ve already said that I added the ssl_version only afterwards, after getting the error, just to see if it works by specifying the tls version.
I see, thanks. I’m out of ideas but I’ll follow @FossCoder 's argument that the certificate chain is broken, and the .pem is missing to provide all certificates. Probably it is only providing one certificate, and not the CA certificates bundled inside.
openssl verify can help here.