Score:1

iOS saying ssl is invalid from letsencrypt


I’m using letsencrypt for a few subdomains, one of which is chat.mydomain.com, which is set up as an alias of the main domain in Apache because it uses a socket on a specific port and doesn’t require a doc root.

The chat server is written in node, it runs in the background using forever and the chat code uses a socket on port 3002.

Everything works fine except on my iPhone. If I’m on the computer in Safari or Chrome the browser connects to the chat socket, but on iOS it tells me the certificate is invalid when I look at the error console from Safari. It doesn’t give any more info than that, but because of the error the chat doesn’t work.

Weirdly, a colleague, as we were testing the chat, was experiencing some strange issues on his Mac in Chrome where messages wouldn’t send or receive, but they worked on my iMac and MacBook (2017 and 2019 if that’s relevant).

Is the letsencrypt certificate no good for this? I think there were also issues on his end across the video streaming server we created as well; first it wouldn’t connect him to the video session with me but after a refresh it did connect. This is also using letsencrypt for the SSL.

Steffen Ullrich:
Likely that is a misconfiguration on the server side, which some browsers can work around and other systems cannot. Check out the misbehaving server at [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html) and watch out for problems shown. My guess is it will be about chain issues, i.e. missing intermediate certificates. It is not a missing quality of the certificate, it is instead a failure of applying the certificate properly in the server.
MMMWeirdo:
Ok thanks, the certificate was installed with certbot and I took a copy of the cert and key pem files linked up to the socket connection in the node program.
Steffen Ullrich:
*"I took a copy of the cert and key pem ..."* - If you are using only cert and key then you are missing the chain certificates, which is exactly the situation I've described as misconfiguration.
MMMWeirdo:
You’re right, I haven’t included the chain file. I’ll give that a try cheers.
dave_thompson_085:
@SteffenUllrich+ SSLLabs by policy only tests servers on standard HTTPS port 443. www.sslchecker.com does not have this limitation, and does a decent job on the cert/chain, though not checking the rest of the protocol like SSLLabs.
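
Added example, not part of the original thread or any participant's code: a Node.js sketch of the fix the comments arrive at, where the server is handed the leaf certificate followed by its intermediates and refuses to start on a leaf-only file. The helper names, the sample PEM blocks and the `/etc/letsencrypt/live/chat.mydomain.com` path are assumptions; the file names are certbot's standard ones.

```javascript
const fs = require('fs');
const path = require('path');

// Split a PEM bundle into its individual CERTIFICATE blocks.
function splitPemCerts(pem) {
  return pem.match(/-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g) || [];
}

// Build the `cert` option for https/tls.createServer(): leaf first, then the
// intermediates. Rejects a leaf-only bundle, the misconfiguration discussed
// above (a CA-issued leaf such as Let's Encrypt's always has an intermediate).
function buildCertChain(leafPem, chainPem = '') {
  const certs = [...splitPemCerts(leafPem), ...splitPemCerts(chainPem)];
  if (certs.length === 0) throw new Error('no CERTIFICATE block found');
  if (certs.length === 1) throw new Error('leaf only: intermediate certificate(s) missing');
  return certs.join('\n') + '\n';
}

// Read key and chain from a certbot "live" directory (hypothetical helper).
// fullchain.pem = cert.pem + chain.pem; fall back to joining the two files.
function loadCertbotOptions(liveDir) {
  const read = (name) => fs.readFileSync(path.join(liveDir, name), 'utf8');
  const full = path.join(liveDir, 'fullchain.pem');
  const cert = fs.existsSync(full)
    ? buildCertChain(read('fullchain.pem'))
    : buildCertChain(read('cert.pem'), read('chain.pem'));
  return { key: read('privkey.pem'), cert };
}

// Constructed placeholders (not real certificates) to exercise the check.
const pemBlock = (body) => `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
const SAMPLE_LEAF = pemBlock('bGVhZg==');
const SAMPLE_INTERMEDIATE = pemBlock('aW50ZXJtZWRpYXRl');

function demo() {
  let leafOnlyError = null;
  try { buildCertChain(SAMPLE_LEAF); } catch (e) { leafOnlyError = e.message; }
  const chain = buildCertChain(SAMPLE_LEAF, SAMPLE_INTERMEDIATE);
  return { leafOnlyError, certsInChain: splitPemCerts(chain).length };
}

// In the chat server (path is an assumption based on certbot's layout):
//   const opts = loadCertbotOptions('/etc/letsencrypt/live/chat.mydomain.com');
//   require('https').createServer(opts).listen(3002);
```

Reading from the certbot live directory rather than from copied files also means a renewed certificate is picked up on the next restart, since those files are symlinks that certbot repoints on renewal.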
mx flag
Could this be related to the Let's Encrypt CA certificate that expired last month?