diff --git a/doc/ci/cloud_services/aws/index.md b/doc/ci/cloud_services/aws/index.md
index 5e13a09ff91d495226e3eb87d70fd3fb73205ea9..b7637a5e2353c8de01b58b535c39aff7116adc7b 100644
--- a/doc/ci/cloud_services/aws/index.md
+++ b/doc/ci/cloud_services/aws/index.md
@@ -105,3 +105,23 @@ This error can occur for multiple reasons:
 - The cloud administrator has not configured the project to use OIDC with GitLab.
 - The role is restricted from being run on the branch or tag. See [configure a conditional role](../index.md).
 - `StringEquals` is used instead of `StringLike` when using a wildcard condition. See [related issue](https://gitlab.com/guided-explorations/aws/configure-openid-connect-in-aws/-/issues/2#note_852901934).
+
+### `Could not connect to openid configuration of provider` error
+
+After adding the Identity Provider in AWS IAM, you might get the following error:
+
+```plaintext
+Your request has a problem. Please see the following details.
+  - Could not connect to openid configuration of provider: `https://gitlab.example.com`
+```
+
+This error occurs when the OIDC identity provider's issuer presents a certificate chain
+that's out of order, or includes duplicate or additional certificates.
+
+Verify your GitLab instance's certificate chain. The chain must start with the domain or issuer URL,
+then the intermediate certificate, and end with the root certificate. Use this command to
+review the certificate chain, replacing `gitlab.example.com` with your GitLab hostname:
+
+```shell
+echo | /opt/gitlab/embedded/bin/openssl s_client -connect gitlab.example.com:443
+```
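Review bot: The verification step at the end of the new section stops at the `openssl s_client` command and never tells the reader what in its output confirms or rules out the problem. The section names three causes (a chain that is out of order, duplicate certificates, additional certificates), but the paragraph before the command only describes ordering, and "must start with the domain or issuer URL" describes a URL rather than a certificate. Suggest rewording that to "must start with the server certificate for the issuer hostname", and adding a sentence after the command that points the reader at the `Certificate chain` section of the output: each entry's issuer (`i:`) should match the subject (`s:`) of the next entry, and no subject should appear more than once.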