The solution

I found that certificate chain funny, so I reordered the certificates in the file that contains them, and reconfigured Landscape (see ). Now the client will connect to Landscape:

landscape-config --import= -t $(hostname -f) --script-users=me,you,everybody --silent --registration-password=verysecretofcourse
Fetching configuration from
Writing SSL public key to /etc/landscape/client.conf.ssl_public_key...
* Stopping landscape-client daemon!
* Starting the landscape-client daemon
Please wait... System successfully registered.          

The ssl-check gives prettier output now, but still the same non-zero exit code:

depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
Certificate chain
0 s:/C=NL/O=Rijksuniversiteit Groningen/OU=CITNWD/
  i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=
2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=
  i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
  i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root