This is normally caused when you send a self signed certificate does not have a trusted CA in it's chain.
Typically you would resolve this by adding HTTPSCAFile or HTTPSCADir to your config. This is the equivalent to adding -CAfile and -CApath to openssl s_client.