I have a simple API for my iOS app running on EC2 Ubuntu.
I’ve been using a LetsEncrypt cert for a while, but recently I started to get bug reports from users saying that the app isn’t working. Today it stopped working on my iPhone.
I tried to connect to the URL it is using and it says “Not trusted”:
On macOS Safari everything looks fine.
I renewed the cert hoping that it would fix the problem, but it didn’t help.
SSL Lab says that it should work on iOS but it doesn’t.
Here is the curl output:
```
~ ⟩ curl -kvI https://api.dartoapp.com:9001/station/test1
*   Trying 18.104.22.168...
* TCP_NODELAY set
* Connected to api.dartoapp.com (22.214.171.124) port 9001 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=api.dartoapp.com
*  start date: Mar 11 18:18:58 2018 GMT
*  expire date: Jun 9 18:18:58 2018 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ffeac806c00)
> HEAD /station/test1 HTTP/2
> Host: api.dartoapp.com:9001
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
HTTP/2 200
< content-type: application/json; charset=utf-8
content-type: application/json; charset=utf-8
< content-length: 471
content-length: 471
< date: Sun, 11 Mar 2018 19:38:24 GMT
date: Sun, 11 Mar 2018 19:38:24 GMT
```