Android Device to Web Api

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I can connect to my web api in debug mode but when I build a release apk the Android app will not connect to the site at all. Does Android recognize Let’s Encrypt Certs? If so, how can I confirm?

My domain is: https://wr.significantdigits.com

I ran this command: POST from Android OkHttp

It produced this output: json

My web server is (include version): Windows

The operating system my web server runs on is (include version): Not sure of the Windows version.

My hosting provider, if applicable, is: Host Gator

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Android 10.

According to SSL Labs, you cert is trusted by the Android Trust Store:
https://www.ssllabs.com/ssltest/analyze.html?d=wr.significantdigits.com

But it only checks Android to version 9.0, so it is difficult to say what is actually happening on Android 10.

Hi @rogersw8n

there may be a wrong definition, so the ip address, localhost or something else instead of your domain name is used to connect.

Check / share the exact command to connect.

The device I am loading with the apk is running Android 8.0.

That is a great point and I did check that by having the app display a message with the address prior to posting. There is only one BASE URL which is https://wr.significantdigits.com. In debug it works perfectly.

Pleae see the Certificate Compatibility page of the Let's Encrypt documentation.

Perhaps you could share a piece of the code which is making the HTTPS connection?

Your command and your output is required. json is no error message, so your error isn't defined / is unknown.

I’d be very surprised if it had anything to do with the URL but crazier things have happened I guess.

The URL is pieced together as you would expect with the following BASE URL and call.

public static final String BASE_URL = “https://wr.significantdigits.com”;

@POST(“api/Test/xxxxx”)
Call login(@Body UserModel user);

You are sure there isn't a / required? At the end of the BASE_URL or before api?

1 Like

It does not produce an error. It finds the site but I receive no return. There is no error otherwise my onFailure event would be raised.

I am certain because I call this exact same code from debug and works perfectly. I have also forced the app to pop up the url for display so I could confirm the address and it was correct.

By they way, I do sincerely appreciate all of the assistance I am getting with my question.

Then it's an error in your application, not certificate relevant.

Or your error handling may be buggy, so you don't see an error.

Let me restate this, in debug I receive the full json return object. In release the response is null. In my web api I modified it to log as soon as anything hit the authentication controller. Nothing gets logged.

Ok, I’ll dig there a little more and see what I can find. I’ll post back what I uncover.

I have confirmed that my code was masking an error. It is still not fixed but I have confirmed the error is not the certificate. Thank you everyone for your guidance.

3 Likes

To add more detail and for others that may have this issue, the problem turned out to be a release build setting. In Android Studio - > Build - > Build Types under the release build type there is a setting called minify. If it is set to true Android Studio will decide what to “optimize”. It sometimes drops items incorrectly that it thinks is not needed. When I set this to false, my authentication object would then pass to my web api.

1 Like

Ah, thanks, good to know.

These are the "hidden sources" of some problems :+1:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.