> ... this is because your desktop browser uses the Certificate Authority root certificates that are distributed with your operating system, whereas LWP::UserAgent does not know about them.
The problem is not that the root CA is not trusted by LWP but that the intermediate CA is missing (broken server setup) and thus the trust chain cannot be created. Desktop browsers often successfully work around such broken setups by using cached certificates or downloading missing CA from the web but other clients (Python, Perl, Java, mobile apps...) don't do this workarounds and thus fail with broken sites.