$ pacman -Qo /etc/ssl/certs/
/etc/ssl/certs/ is owned by ca-certificates-utils 20240618-1
/etc/ssl/certs/ is owned by openssl 3.3.2-1

$ curl -v https://www.tvrplus.ro/live/tvr-1
* Host www.tvrplus.ro:443 was resolved.
* IPv6: (none)
* IPv4: 193.186.33.61
*   Trying 193.186.33.61:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* closing connection #0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

$ SSL_CERT_FILE=$(python -c 'import certifi;print(certifi.where())') curl -v https://www.tvrplus.ro/live/tvr-1
* Host www.tvrplus.ro:443 was resolved.
* IPv6: (none)
* IPv4: 193.186.33.61
*   Trying 193.186.33.61:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /home/basti/venv/streamlink-312/lib/python3.12/site-packages/certifi/cacert.pem
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* closing connection #0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

$ streamlink --http-no-ssl-verify https://www.tvrplus.ro/live/tvr-1
[cli][info] Found matching plugin tvrplus for URL https://www.tvrplus.ro/live/tvr-1
[warnings][insecurerequestwarning] Unverified HTTPS request is being made to host 'www.tvrplus.ro'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  /home/basti/venv/streamlink-312/lib/python3.12/site-packages/urllib3/connectionpool.py:1099
[warnings][insecurerequestwarning] Unverified HTTPS request is being made to host 'tvr-tvr1.cdn.zitec.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  /home/basti/venv/streamlink-312/lib/python3.12/site-packages/urllib3/connectionpool.py:1099
error: Unable to open URL: https://tvr-tvr1.cdn.zitec.com/live/tvr1/main.m3u8 (403 Client Error: Forbidden for url: https://tvr-tvr1.cdn.zitec.com/live/tvr1/main.m3u8)