[Freedombox-discuss] Can't get android phone to connect to radicale.

A. F. Cano afc at shibaya.lonestar.org
Tue Feb 7 04:15:24 UTC 2017

On Mon, Feb 06, 2017 at 11:57:45AM -0500, Daniel Gnoutcheff wrote:
> ...
> This may be a sign that SSL certificate verification is failing.
> Stuffing that message into DuckDuckGo found me a fellow who got the same
> error message and eventually determined that his server's certificate
> had an unsuitable commonName value:
> http://stackoverflow.com/questions/12346368/android-httpsurlconnection-javax-net-ssl-sslexception-connection-closed-by-peer
> If that's the case here, then we somehow need to teach this thing to
> accept the cert or prepare a certificate that's more to its liking.
> What certificate are we using on  What's the
> commonName, and what's the signing CA?

Mmm...  I had used the "letsencrypt" feature to obtain one.  I just
checked and it was expired (valid through Jan 28 2017 it said - in
green).  I tried to re-obtain a new one and I got this:

  Failed to obtain certificate for domain <domain>.freedombox.rocks: Failed
  authorization procedure. <domain>.freedombox.rocks (http-01):
  urn:acme:error:connection :: The server could not connect to the client
  to verify the domain :: Could not connect to <domain>.freedombox.rocks

Then I tried to revoke it and that worked, but trying to re-obtain it
gave the same error message above.  That's where I'm stuck now.
The diagnostics returned "failed", predictably.
The dynamic DNS client is up to date as of 2 minutes ago.

> > If I disable the android firewall I get this:
> > 
> > =================== Android log ====================
> <snip>
> > 2017-01-29 16:59:14 2 [HttpClient$1] <-- HTTP FAILED: java.net.ConnectException: Failed to connect to /
> > 2017-01-29 16:59:14 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed
> > EXCEPTION java.net.ConnectException: Failed to connect to /
> That indeed looks like a firewall block.  Based on this, I'd say that
> fixing/disabling the firewall is necessary (but not sufficient) to get
> this working.

Stopping orbot and disabling the firewall seem to not fix the issue.  I
don't see any packets going to/from the phone with wireshark, so there
is in fact a problem with the firewall on the phone.  I'll keep digging
into this.

Still the certificate issue above is puzzling.  Any hints?  Thanks.


More information about the Freedombox-discuss mailing list