Android Device to Web Api

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

I can connect to my web api in debug mode but when I build a release apk the Android app will not connect to the site at all. Does Android recognize Let’s Encrypt Certs? If so, how can I confirm?

My domain is: https://wr.significantdigits.com

I ran this command: POST from Android OkHttp

It produced this output: json

My web server is (include version): Windows

The operating system my web server runs on is (include version): Not sure of the Windows version.

My hosting provider, if applicable, is: Host Gator

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Android 10.

According to SSL Labs, you cert is trusted by the Android Trust Store:
https://www.ssllabs.com/ssltest/analyze.html?d=wr.significantdigits.com

But it only checks Android to version 9.0, so it is difficult to say what is actually happening on Android 10.

Hi @rogersw8n

there may be a wrong definition, so the ip address, localhost or something else instead of your domain name is used to connect.

Check / share the exact command to connect.

1 Like

The device I am loading with the apk is running Android 8.0.

That is a great point and I did check that by having the app display a message with the address prior to posting. There is only one BASE URL which is https://wr.significantdigits.com. In debug it works perfectly.

Pleae see the Certificate Compatibility page of the Let’s Encrypt documentation.

Perhaps you could share a piece of the code which is making the HTTPS connection?

Your command and your output is required. json is no error message, so your error isn’t defined / is unknown.

1 Like

I’d be very surprised if it had anything to do with the URL but crazier things have happened I guess.

The URL is pieced together as you would expect with the following BASE URL and call.

public static final String BASE_URL = “https://wr.significantdigits.com”;

@POST(“api/Test/xxxxx”)
Call login(@Body UserModel user);

You are sure there isn’t a / required? At the end of the BASE_URL or before api?

2 Likes

It does not produce an error. It finds the site but I receive no return. There is no error otherwise my onFailure event would be raised.

I am certain because I call this exact same code from debug and works perfectly. I have also forced the app to pop up the url for display so I could confirm the address and it was correct.

By they way, I do sincerely appreciate all of the assistance I am getting with my question.

Then it’s an error in your application, not certificate relevant.

Or your error handling may be buggy, so you don’t see an error.

1 Like

Let me restate this, in debug I receive the full json return object. In release the response is null. In my web api I modified it to log as soon as anything hit the authentication controller. Nothing gets logged.

Ok, I’ll dig there a little more and see what I can find. I’ll post back what I uncover.

I have confirmed that my code was masking an error. It is still not fixed but I have confirmed the error is not the certificate. Thank you everyone for your guidance.

4 Likes

To add more detail and for others that may have this issue, the problem turned out to be a release build setting. In Android Studio - > Build - > Build Types under the release build type there is a setting called minify. If it is set to true Android Studio will decide what to “optimize”. It sometimes drops items incorrectly that it thinks is not needed. When I set this to false, my authentication object would then pass to my web api.

1 Like

Ah, thanks, good to know.

These are the “hidden sources” of some problems :+1:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.