Android App - handshake error in client

Version 5.11.24

App Version - latest in the play store as of Jan 21, 2025

Environment Self-Hosted

I have referenced some similar reports in the forum and the solution is always to use LetsEncrypt which I already do.
Web Browser client authenticates and shows the certificate as valid, however the Android client has a certificate verify fail (393) error.

I have more than one certificate names in my letsencrypt file as there are different urls (www, mail etc).
Most of these are defined in the Subject Alternate names which browsers will always parse to look for an identify match.
Does the Android App parse the subject alternate names as well or is it expecting the server identify to be present as the CN which at least in this case is not ideal as any traffic to the server first passes through the reverse proxy which for simplicity adds all the certificate names to a single file rather than multiple files and multiple renewals and is supported by letsencrypt ?

I have looked at the web server (nginx) logs and don’t see any specific issues unless there is a different log where it might be captured ?

Any help will be appreciated.

Hi,

It may help to click settings on the login screen and provide the domain of your server.

I had previously tried that without success. Just retried, same error.
Handshake error in client (OS Error: certificate_verify_failed) unable to get local issuer certificate(handshake.cc:393)

Does that mean the app does not parse the Subject Alternate Names for a valid match ?

I can more than likely add a standalone cert to the server, but it would add add some complexity to the proxy I would prefer to avoid if possible

Nevermind. I figured it out.

In the settings, the field name says “Domain” and I took that perhaps too literal and only defined the DN (which matched the certificate), and defined the FQDN in the URL field but when I added the FQDN to both fields it successfully connected.

Glad to hear it, thanks for the update!