Android Studio emulator does not accept Let's Encrypt certs


#1

An Android emulator comes with the Google Android Studio. The emulator includes a pre-installed browser, which is surprisingly not the Chrome for Android.

That browser gives an error “The certificate isn’t from a trusted authority.” for the certs signed by the Let’s Encrypt. But the same browser can access other https sites without any problems. For example, it can access this very forum https://community.letsencrypt.org.

Is that an emulator problem? Or, can Let’s Encrypt do something about it?

Thanks.


#2

Does the emulator accept https://helloworld.letsencrypt.org/?

This forum site isn’t using a Let’s Encrypt cert, but helloworld is. If the emulator will accept helloworld but not your site, then you probably have a problem with your certificate chain (not serving the intermediate cert).


#3

Yes.

In fact, I have re-launched the emulator and it accepts mine by now. Most likely, it is an emulator related problem.

Thanks for the help.


#4

If the emulator changed its behavior over time (first rejecting the certificate and later accepting it), it’s a very likely symptom of not having the server configured to serve the full chain. If you used our Python client, you should have chain.pem or fullchain.pem, alongside cert.pem; one of these needs to be provided to the server software (as the “chain” or “CA certificate”).

You can check your site with the tester at https://www.ssllabs.com/ssltest/; one of the things that they check for you is whether your certificate chain is being served correctly.