Android Question OkHttpUtils2

RUNO

Active Member
Licensed User
Longtime User
I used my app 1 year not have any problems, but now my app can't connect to server

This message
ResponseError. Reason: javax.net.ssl.SSLHandshakeException: Chain validation failed, Response:

I have SSL in server before ,why now
Can anyone help?
 

DonManfred

Expert
Licensed User
Longtime User
Can anyone help?
You are not providing enough informations.

Upload a small project showing the issue.

Or at least post url and all relevant code.
What version of android are you using on your device?
 
Upvote 0

drgottjr

Expert
Licensed User
Longtime User
there is a known let's encrypt issue with android. you have to compile your app with the conditional compiler option: HU2_ACCEPTALL in build configuration. (this may or may not cause a problem if your app is on play.) whether the problem will ever be resolved is unclear.
 
Upvote 0

drgottjr

Expert
Licensed User
Longtime User
In lower Androids. On my Android 11 Device it works fine.
@DonManfred, can you do me a favor, please? let me have the url of the site you used that has a letsencrypt cert.

i have an android 11 device, and my site has a valid letsencrypt cert (see attached image (#1).
if i access it with okhttputils2 with no compiler option (#2),
access fails (#3).
if i add the HU2_ACCEPTALL compiler option (#4),
the request succeeds (#5).

i would like try the url you used to see if its letsencrypt cert differs somehow from mine and if access with no compiler option succeeds.

thanks a lot.
-go
 
Upvote 0

drgottjr

Expert
Licensed User
Longtime User
many thanks. issue resolved: cert configuration matter. all good. but there still is the matter of the OP's problem. can he access site with compiler option? also, it looks like server is his. if, in fact, the cert is valid, then his issue might be the same as mine: he needs to point his server to where "fullchain.pem" is located (instead of "cert.pem"). that apparently solves the "Trust anchor for certification path not found" exception. when i made the change, i no longer needed the compiler option. since letsencrypt automatically renews its certs every 3 months, the configuration could be the problem.
 
Last edited:
Upvote 0
Top