Using wildcard certificate and Android client

Hello there,

Is it a bug, is it a misconfiguration from me, I can’t explain.

I made an installation on FreeNAS, using a jail (this is not really important), and I use a Let’s Encrypt wildcard certificate.

It works great on the web client (Firefox), but the Android client seems to not like it.

At the first try the client said that the certificate is not sure; if I accept the security risk, the URL panel says that the server is misconfigured.

If I look at the details of the certificate, it seems it’s not mine. No name, no organization, valid from 03/05/2020 to 01/12/2030 (which is not a Let’s Encrypt period of validity).

So I suspect the Android client uses an API endpoint which does not use my certificate.

Is there documentation about that? Is it an issue or a misconfiguration? How can I solve that?

Thanks for your advice and reading me.

Take care.

If you see your real certificate from a browser and not from Android, maybe your Android device is compromised or connecting through a compromised network.

I never trusted Android, so have no experience with it. But what you need to do is to validate that your DNS is not compromised (it returns the proper address) and that the certificate you receive is the right one (which seems not to be the case as of now).

On iOS, I use an app called TLS Inspector for checking things like that. I do not know if it exists in the Droid world…

Hum,

I use my Android device from the same network as my desktop computer. The DNS server is mine, and the certificate works great with the browser on the Android device.

I have the same issue with the News Nextcloud client, but the Nextcloud Talk client works great.

I really think that it is an API endpoint which doesn’t use the web certificate.

Can you check in your server’s logfiles which URL the client is really opening? Perhaps a slightly different hostname that lets you end up in a different virtual host? Also check your SSL config with https://www.ssllabs.com/ssltest/

Nothing in the nginx log when I try to connect with the Android Nextcloud client.
But using Firefox on the SAME Android device, with the SAME URL, works.

The certificate sent by nextcloud to the Android client is not valid and it’s not my wildcard certificate.

There’s only one vhost

Ah you can see the certificate IS NOT valid. Mine is (see SSLLabs result).


https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.foucry.net&s=2001%3A910%3A1086%3A1%3Aff%3A60ff%3Afeba%3Ab582&latest

Why do you use localhost?

I don’t use localhost. That’s the wrong certificate sent by Nextcloud. If I used localhost, I could not have an A at SSLLabs.

Then check which host is called by your smartphone, the webserver is normally sending your certificate.
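The checks suggested in this thread (which addresses the name resolves to, and which certificate each address actually presents) can be scripted. The following is an added example, not part of any post above: it resolves a hostname to all of its IPv4 and IPv6 addresses, fetches the leaf certificate from each one with SNI set, and groups the addresses by certificate fingerprint. The function names and `SAMPLE` values are constructed for illustration; run it with the server's hostname as the first argument, from the same network as the failing client.

```python
import hashlib
import socket
import ssl
import sys

# Constructed sample: documentation addresses, made-up fingerprints.
SAMPLE = [("192.0.2.10", "aa11"), ("2001:db8::10", "bb22")]


def fetch_fingerprint(ip, server_name, port=443, timeout=5.0):
    """SHA-256 of the leaf certificate `ip` presents for SNI `server_name`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # inspection only: we want to see the
    ctx.verify_mode = ssl.CERT_NONE  # certificate even when it is invalid
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def resolve_all(host, port=443):
    """Every IPv4 and IPv6 address the local resolver returns for `host`."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def group_by_certificate(observations):
    """Map fingerprint -> addresses; more than one key means a mismatch."""
    groups = {}
    for address, fingerprint in observations:
        groups.setdefault(fingerprint, []).append(address)
    return {fp: sorted(addrs) for fp, addrs in groups.items()}


def survey(host, port=443):
    """Resolve `host` and fetch the certificate from each address."""
    results = []
    for ip in resolve_all(host, port):
        try:
            results.append((ip, fetch_fingerprint(ip, host, port)))
        except OSError as exc:  # ssl.SSLError and timeouts are OSError
            results.append((ip, f"error: {exc}"))
    return results


if __name__ == "__main__":
    obs = survey(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for fp, addrs in group_by_certificate(obs).items():
        print(fp, "<-", ", ".join(addrs))
```

A single output line means every address serves the same certificate; several lines show which address family or endpoint hands out a different one, which can then be compared with the fingerprint the browser reports.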