Certificate Is Not Trusted Node.js Express LetsEncrypt Cannot Connect From Android App Client

lastpeony · June 15, 2023, 2:26pm

I generated a LetsEncrypt certificate and configured my nodejs server(v16.17.1) with this options:

var options = {

        key: fs.readFileSync('/etc/letsencrypt/live/drogoapp.xyz/privkey.pem','utf8'),
        cert: fs.readFileSync('/etc/letsencrypt/live/drogoapp.xyz/fullchain.pem','utf8'),
        ca:fs.readFileSync('/etc/letsencrypt/live/drogoapp.xyz/chain.pem','utf8')
 };

I can succesfully reach my server https through browsers. But when i try it from my android app using volley i get this error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I tested this website to find where is the error and here is the result:
https://www.ssllabs.com/ssltest/analyze.html?d=www.drogoapp.xyz

There is a name mismatch but i am not sure it is the issue. It should be because i typed with www because ssllabs didnt supported without it.
Why my certificate is not trusted? This should be the reason why i cannot connect through android app

By the way i disabled letsencrypt certificate for now so if you use a tool to do a test it wouldnt work

MikeMcQ · June 15, 2023, 2:57pm

Yes, you got a cert with only drogoapp.xyz in it. If you also want to use a www subdomain for it you must get a new cert with both names.

Your site looks offline right now but check just the root name on SSL Labs

As for your android app error about the trust anchor, that is a different problem. You need to configure your app to use the system default CA trust store. I am not expert in android volley apps so don't know how this is done. Check its docs, or any support forum for it, or maybe some other volunteer here will know more.

rg305 · June 15, 2023, 5:56pm

Then you need to fix your web site to support both names.

lastpeony · June 15, 2023, 7:07pm

Previously i was using ngrok to stream my local host and its url was starting with https. without any extra configuration i was able to send requests with volley but on my server it doesnt work

rg305 · June 15, 2023, 7:08pm

Hairpining problem?

system · July 15, 2023, 7:09pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate not trusted on android Help	21	13033	April 2, 2017
LetsEncrypt certificates fails on Android phones running Android 7 or older Help	4	10683	October 26, 2023
Android SSL WebSocket Help	5	3573	September 16, 2023
Let's Encrypt cert not trusted by Android Help	4	11734	May 7, 2018
GMail Client Trust anchor problem Server	2	5142	January 2, 2016

Certificate Is Not Trusted Node.js Express LetsEncrypt Cannot Connect From Android App Client

Related topics