Certificate chain configured incompletely

Currently, the certificate chain for aai.helmholtz.de is not properly configured resulting in SSL verification errors. This also affects the pipeline of hifis.net in which the domains are excluded: https://gitlab.hzdr.de/hifis/hifis.net/-/blob/5258f75787506cc58033f4fdae7b64a88c957d39/.gitlab-ci.yml#L161

This can be reproduced via curl:

$ curl https://aai.helmholtz.de
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Also, testssl.sh documents the incomplete chain. Adding the intermediate certificates should fix the error.

Chain of trust               NOT ok (chain incomplete)