Handshake error on login

rhd_mantsa · September 17, 2024, 5:38pm

This is the error I get on some clients but not all.

HandshakeException: Handshake error in client (OS Error:
CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:393))

Happens on Linux and windows Ninja desktop app and Android app, but not in the web interface or iOS app. I had attempted an upgrade of my ninja server yesterday, and because that failed, I had to roll back the virtual machine to a state prior. Since then, this is happening.

Ideas? Of course, I will need to upgrade the server anyway, so I will ty that as soon as possible, probaly b spinning up a new one and migrating the data, since my existing Ubuntu 20 server doesn’t appear to be able to upgrade to 22.04 in place.

hillel · September 17, 2024, 5:56pm

Hi,

We’ve heard other reports of this issue but don’t yet know the source.

As a workaround you can click settings on the login screen and enter the server’s domain.

rhd_mantsa · September 17, 2024, 6:22pm

OK - tried the workaround and it doesn’t work. I am using a wildcard SSL cert. Tried the server’s actual hostname (subdomain), *. format of the domain and the primary domain - none of these work - same error.

Let me know if there is anything else I can try.

hillel · September 17, 2024, 6:26pm

It should be domain.com

rhd_mantsa · September 17, 2024, 6:44pm

You mean literally the string “domain.com”?
Also - the Linux app doesn’t appear to have a Settings button, how would I go about modifying that parameter there?

Thanks -

hillel · September 17, 2024, 6:50pm

Your domain in that format

The Snap is a bit behind, the Flatpak is up to date

rhd_mantsa · September 17, 2024, 7:10pm

OK. We tried that on the Android app, and it shot back the same error. Will try the WIndows app.

hillel · September 17, 2024, 7:52pm

If you’re seeing the error in both the Android and Windows apps I think the problem may be the certificate, are you using Let’s Encrypt?

rhd_mantsa · September 17, 2024, 8:42pm

No, I’m using a RapidSSL wildcard cert that is current and works on several other servers, as well as this one in other clients (iOS and the web interface). The web interface shows it expiring in September 2025 and having the full chain included, all the way to the root cert.

hillel · September 18, 2024, 4:37am

Sorry, I don’t have an answer.

The settings option on the login screen is a new feature, I’ll make a note to recheck it before the next release.

rhd_mantsa · January 28, 2025, 9:09pm

This is still an issue. I updated the server to the latest version and am able to load the ninja site in my browser as well as connect successfully to the iOS app, But the linux app still reports error “HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:393))” when I try to log into my self hosted ninja installation and there are no settings available to tinker with SSL domain options. Any progress on this? I have to use ninja in the browser, which makes it less efficient.

rhd_mantsa · January 28, 2025, 9:36pm

Nevermind. I installed the flatpak version and used the settings button. Was able to tweak it so that it logs in now.
For anyone else encountering this issue who is also using a wildcart certificate, the “magic” domain setting (custom SSL domain visible by pressing the Settings button) was the subdomain I am using for invoice ninja.

hillel · January 29, 2025, 5:38am

Glad to hear it’s working now!