"No certificate found" prompt on Chrome in Android

mrconter1 · January 5, 2020, 10:13am

Hello!

I am experiencing problems where I get prompted with the following message on Android when visiting the site with Chrome:

No certifcate found. (image)

SSLLabs rates my website encryption as grade A.

The address to the server is:

https://snippetdepot.com/home/

The server is run using aiohttp 3.6.2 on Debian 10.2. I am currently hosting it on Vultr. I have root access via SSH and the certbot version is 0.31.0.

The following code is used to set up the SSL context in python:

cert = '/etc/letsencrypt/live/snippetdepot.com/fullchain.pem'
key = '/etc/letsencrypt/live/snippetdepot.com/privkey.pem'
ssl_context = ssl.create_default_context()
ssl_context.verify_mode = ssl.CERT_OPTIONAL
ssl_context.load_cert_chain(cert, key)
web.run_app(app, ssl_context=ssl_context, host='78.141.209.170', port='443')

The prompt also occurs on Android with Samsung Internet and on Mac OS with Safari. It does not seem to be a problem on Linux while using Firefox or Chrome.

Changing fullchain.pem either chain.pem or cert.pem does not seem to make any difference.

Any ideas of how to solve this?

JuergenAuer · January 5, 2020, 10:35am

Hi @mrconter1

there is a request of a client side certificate, not a server side certificate.

So your server has an option activated: "Client certificates optional / required".

Remove that.

mrconter1 · January 5, 2020, 11:06am

You seem to be correct. Changing this line:

ssl_context.verify_mode = ssl.CERT_OPTIONAL

To these:

ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE

Solved the problem. Thanks!

system · February 4, 2020, 11:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.