Cannot connect to my services with android devices [urgent]


#1

android recently released a web-view update that surprisingly blocks all “fetch” ( network request failed error ) calls to my server that has an nginx reverse proxy running on top of it and secured with lets encrypt ssl cert. I have went through alot of topics and community forms and applied various solutions that were posted

  • using fullchain instead of cert
  • specifc ciphers
  • etc. …

sadly, nothing worked till now. is there anything else that can solve this issue ?


#2

Hi @mo_ragab

what’s your domain name?

What says

https://www.ssllabs.com/ssltest/


#3

my domain name is token.careonline.care
and i have tested with ssltest and i have an overall rating of an A. I also added the full chain into my nginx with now results in an additional anchor warning from ssltest. This was just and experiment to see if android would still reject the call or not


#4

A Certbot-style “fullchain.pem” file doesn’t contain the extra anchor. Are you using Certbot? How is Nginx configured? What error message does the client show?


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#5

My domain is: https://careonline.care

I ran this command: fetch(‘https://token.careonline.care/firebaseManager/grenerateCustomToken’, {method:‘post’,body: {…}) on react-native

It produced this output: network request failed

My web server is (include version): nginx/1.14.0

The operating system my web server runs on is (include version): ubuntu 18

My hosting provider, if applicable, is: heztner

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#6

https://www.ssllabs.com/ssltest/analyze.html?d=careonline.care
shows that name is not on the cert in use.
That active cert only has these two names:

  • www.careonline.care
  • demo.careonline.care

So, however you got the cert with two names, just repeat that process for the three names.;

Additioanlly: You also need to address the incomplete chain issue.
https://www.ssllabs.com/ssltest/analyze.html?d=www.careonline.care


#7

This domain sends the root certificate. SSLLabs:

Path #1: Trusted
1 Sent by server token.careonline.care
Fingerprint SHA256: d9f0662ca376907b0e5437014958039a00f1df6318a43ca6952532a93cddefb8
Pin SHA256: e26f14U880RR4FEiMdUzGJILsXQR2MV0M8DtmjzYBxQ=
RSA 2048 bits (e 65537) / SHA256withRSA
2 Sent by server Let’s Encrypt Authority X3
Fingerprint SHA256: 25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
RSA 2048 bits (e 65537) / SHA256withRSA
3 Sent by server
In trust store DST Root CA X3 Self-signed
Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

So your file fullchain (or something else, should only have 2 certificates, not three.

But I don’t know if this is the solution. There are no other errors.


#8

If I surf to that site with my Android device (a coincidence :stuck_out_tongue:), I’m getting a valid TLS connection, but an error message from your server:

 Cannot GET /firebaseManager/grenerateCustomToken

Is your reverse proxy correctly set up?

Also, what does a verbose/debugging access and error log of your frontend (nginx) tell you, when you try that fetch command?


#9

@mo_ragab Is that a TYPO?
from:


#10

https://token.careonline.care/firebaseManager/generateCustomToken gives the same error :stuck_out_tongue: But good catch nonetheless :wink:


#11

After alot of digging, the error that shows up from react native fetch function “network request failed error” from the newest update android webview update is nothing but a compatibility issue with react-native. I updated my react-native and react versions to the latest and this issue was resolved. sadly, the error was VERY missing leading.

Thank you all for your help !. Greatly appreciated.