[Freedombox-discuss] Can't get android phone to connect to radicale.
A. F. Cano
afc at shibaya.lonestar.org
Tue Feb 7 04:15:24 UTC 2017
On Mon, Feb 06, 2017 at 11:57:45AM -0500, Daniel Gnoutcheff wrote:
> ...
>
> This may be a sign that SSL certificate verification is failing.
> Stuffing that message into DuckDuckGo found me a fellow who got the same
> error message and eventually determined that his server's certificate
> had an unsuitable commonName value:
>
>
> http://stackoverflow.com/questions/12346368/android-httpsurlconnection-javax-net-ssl-sslexception-connection-closed-by-peer
>
> If that's the case here, then we somehow need to teach this thing to
> accept the cert or prepare a certificate that's more to its liking.
>
> What certificate are we using on https://192.168.1.27/? What's the
> commonName, and what's the signing CA?
Mmm... I had used the "letsencrypt" feature to obtain one. I just
checked and it was expired (valid through Jan 28 2017 it said - in
green). I tried to re-obtain a new one and I got this:
Failed to obtain certificate for domain <domain>.freedombox.rocks: Failed
authorization procedure. <domain>.freedombox.rocks (http-01):
urn:acme:error:connection :: The server could not connect to the client
to verify the domain :: Could not connect to <domain>.freedombox.rocks
Then I tried to revoke it and that worked, but trying to re-obtain it
gave the same error message above. That's where I'm stuck now.
The diagnostics returned "failed", predictably.
The dynamic DNS client is up to date as of 2 minutes ago.
> > If I disable the android firewall I get this:
> >
> > =================== Android log ====================
> <snip>
> > 2017-01-29 16:59:14 2 [HttpClient$1] <-- HTTP FAILED: java.net.ConnectException: Failed to connect to /192.168.1.27:443
> > 2017-01-29 16:59:14 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed
> > EXCEPTION java.net.ConnectException: Failed to connect to /192.168.1.27:443
>
> That indeed looks like a firewall block. Based on this, I'd say that
> fixing/disabling the firewall is necessary (but not sufficient) to get
> this working.
Stopping orbot and disabling the firewall seem to not fix the issue. I
don't see any packets going to/from the phone with wireshark, so there
is in fact a problem with the firewall on the phone. I'll keep digging
into this.
Still the certificate issue above is puzzling. Any hints? Thanks.
Augustine
More information about the Freedombox-discuss
mailing list