SSL Certificate Android Not Working

Hello I’m Using Infinityfree Hosting Service. my domain : https://bdrazzak.ml SSL certificate working on my desktop chrome or edge browser .as well as good. But when browse my site on mobile device like Android 5.1.1 version . SSL certificate not working. Warning showing. What’s the problem?

Please help how to solve this problem.

2 Likes

I just visited both https://bdrazzak.ml and https://www.bdrazzak.ml with my Android 10 device. No problems with your certificate or your site serving SSL. Perhaps the browser you used on the device you tested does not support SNI? Is the wrong certificate being served when you visit?

2 Likes

The certificate “chain” is incomplete. If you install the certificates you may be able to correct this (e.g. maybe you are using a file named cert.pem and the fullchain.pem file is what you need) or if your hosting service does everything they may need to improve their process so as to ensure the server sends a complete chain.

Some browsers can work around this (and so it works in your desktop Chrome and Edge) by guessing what should be in the chain, but not all of them.

2 Likes

Thanks, Today it’s working fine … Problem automatically solve

1 Like

Automatically problem solve

1 Like

Hi @razzak

that’s wrong. @tialaramex has the correct answer, your chain is incomplete, that’s not fixed.

See your check, some hours old, now rechecked to see if it is really fixed - https://check-your-website.server-daten.de/?q=bdrazzak.ml#connections

Two entries in the chain are required, not only one.

Using fullchain.pem should fix that, see the correct answer from @tialaramex

PS: That’s a general problem with some older devices and the first call. So if you have the problem with Android 5.*, the working Android 10.* is completely unrelevant.

Trial and error answers are not helpful.

3 Likes

bro , i’m new in this sector how to find my fullchain.pem file or how to generate this file . and where upload the .pem file please help

2 Likes

All these informations are missing:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

2 Likes

bro , i’m new in this sector how to find my fullchain.pem file or how to generate this file . and where upload the .pem file please help my domain : https://bdrazzak.ml

1 Like

Where your certificates end up depends upon the ACME client you use to get them. For now though, I decided to do you a solid and reconstruct your fullchain.pem, which contains your certificate and the ca bundle.

I downloaded your certificate from the PEM link on the bottom left from here:
https://crt.sh/?id=3305583743

I downloaded the ca bundle from:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt

I combined them to produce your fullchain.pem:
fullchain.pem (3.5 KB)

1 Like

Thank you very much brother where I will upload this fullchain.pem file

1 Like

You’ll need to check your configuration to see where your webserver is getting your certificate to serve it to visitors. There should be a line of code/text that specifies the folder (and usually the certificate filename). You will likely need to change the name of fullchain.pem to match that name. Be careful that you’re not overwriting a symlink or something though. Be sure to check the contents of the old file. You should only see the first certificate that you find in fullchain.pem. Lastly, make sure the permissions of the new certificate file are correct.

1 Like

You should probably dump infinityfree.

Note: using CA certificate chains

Most certificate vendors will ask you to install the CA chain certificates as well. These are not supported on InfinityFree and cannot be installed.

However, most browsers will recognize certificates from popular certificate issuers without a certificate chain as well, so you do not need the CA chain. Only certain outdated browsers may not properly recognize the certificates.

If you insist on using CA certificate chains, you could consider to [upgrade to premium hosting], where you can install your own certificates including their CA chains, as well as get fully automatic free SSL from Let’s Encrypt.

3 Likes

I think I’m going to be… :face_vomiting:

I Understand Bro… Infinityfree Hosting Service CA chain not support … upgrade premium hosting this ca chain use … thanks for your advice

2 Likes

I understand … thanks for advice

2 Likes

You’re welcome. Glad we could help somewhat. :slightly_smiling_face:

1 Like