I have SG behind reverse proxy to serve HTTP and HTTPS (WS/WSS) for my mobile application. Few days ago my certificates has been updated by certbot and now i can not connect to SG any more.
I have this error message by CB lite
CouchbaseLiteException{CouchbaseLite,5008, javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (CouchbaseLite Android v3.0.15-2@34 (EE/release, Commit/a7471c131d@d4f3838733c5 Core/3.0.15 (2) at 2023-10-23T18:39:30.573Z) on Java; Android 5.1.1; CIVINTEC)'}
Does anyone has the similar problem and what is solution for that issue?
This is essentially the client telling you that the cert you’re serving with your reverse proxy isn’t trusted by the client.
What CA are you using with certbot? LetsEncrypt? Non-staging? Are you using the full chain cert?
Android 5.1 is pretty old and you’ll need a cross-signed cert for it to be trusted on anything older than Android 7.1.1. There’s more info from Lets Encrypt themselves about this.
As a heads up, their cross-signed chain is also expiring this September (2024)! So expect further disruption then.