Self-signed certs are a pain. One of the things to check is that the entire chain is trusted, not just the root certificate: