Android App isn't accepting certificate


#1

Hi!
First: Thanks to Let’s Encrypt for the easy way of requesting a certificate.

I’ve set up a certificate on my webspace including several domains. It’s working perfectly on PC and in the browsers of Android. But if I want to make an HTTPS request from my Android app it gets the error “couldn’t load webpage”.
I got the same error by using certificates from CAcert. I thought it’s because Android doesn’t trust them.
But Android should trust Let’s Encrypt. (In the standard browser it works without any errors.)

What could be the reason for the error?

Thanks in advance, m.b


#2

…Chip away some b#llcr#p about certificate chain… Didn’t read the “and in the browsers of Android”-part… Oopsie…

Test your server at SSL Labs and hopefully you’ll most likely find some kind of warning/error?


#3

SSL Labs says for IPv4 and IPv6 grade A.

I’m using this Library on Android: http://loopj.com/android-async-http/
It throws the following exception:
javax.net.ssl.SSLException: hostname in certificate didn't match

It seems like it gets the certificate from my hoster and not the Let’s Encrypt certificate…
The Android browser shows the Let’s Encrypt certificate.


#4

Does the SSL Labs test say anything about “This site only works with SNI” or something? Anything about SNI?

Although I don’t think it’s likely your library wouldn’t implement SNI… That would be rather stupid…

Uch, shouldn’t have said that…: https://github.com/loopj/android-async-http/issues/224


#5

I can’t find anything about SNI on the SSL Labs site but I know my hoster uses SNI. And I found this: https://github.com/loopj/android-async-http/issues/991

I guess I have to look for another library?


#6

Libraries that depend on Java 6 in 2015 are bad. Yes, consider looking.


#7

If your hoster uses name-based hosting (instead of IP-based), it should give a blue box with “This site works only in browsers with SNI support.” in it in the Summary section at the top, just below the “A” and graphical rating bars.


#8

There is no blue box…


#9

Interesting :neutral_face:

One might say using a library which is missing the SNI feature should work if your hosting isn’t fully depending on SNI… :confused:


#10

Can I look at your hostname? You can send via private messages.


#11

I’m new here. How can I write a private message?


#12

Go to my profile: https://community.letsencrypt.org/users/selecadm/activity

On the right there will be a “Message” button.


#13

I don’t find it. Can you write me a private message and I’ll answer?


#14

I now use Volley (http://developer.android.com/training/volley/index.html).
Volley supports SNI.

Thanks!