My domain is: ss.gurumaps.app
I've tried to run POST request using HttpURLConnection from Java. It works on most devices. I've tried different
But on Samsung S10 (samsung-samsung-SM-G973W \ API v30) of one of my users it throws (java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.).
My web server is (include version): nginx 1.21.3-1~bionic
The operating system my web server runs on is (include version): Ubuntu 18.04.5 LTS
My hosting provider, if applicable, is: Hetzner
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol v3.0.1
Ensure that the service you are connecting to is configured to use the full certificate chain (certbot produces a
fullchain.pem file) including intermediates, otherwise the OS will try to resolve intermediates by itself.
It could be the device (likely Android 9) does also need an update but check your server chain first.
It's fullchain already. You could check it at https://ss.gurumaps.app And device is Android 11 (API 30). But I can't force all users to update their devices. Some of them stuck at Android 4.4.2
Ok, the chain looks fine and should be compatible. If you can't resolve the issue and you are getting mixed results from different users I'd suggest looking at changing CA. There's no reason that version of Android should be throwing an error, that I know of unless it's some OS feature that optionally enforces path validation to the root (enterprise users?).
Seems you're right. I have to try to switch to Cloudflare on mission critical services.
Since cloudflare proxying is free it's fairly easy just to move a domains DNS to it and get their certificates for free, you can then toggle their proxying off and on whenever you want to. It's very useful to have analytics on your APIs as well.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.