We’re experiencing an oddity with Android clients. Attempting to connect to our on-prem server results in an ‘Oops! Chain Validation Failed’ message.
This is true for Android 9 and Android 10, running current builds of the client from Google Play (4.29 and 4.30 experimental).
We’re running RocketChat 4.8.1 on the server, behind a Caddy instance that handles the certificates through Let’s Encrypt.
Both phones will connect to the server using the web interface through Chrome and Firefox.
iOS clients connect without a problem.
We had no reported problems with 3.18. Android is not a commonly used client here. We upgraded the server about a month ago, and it’s not clear whether the problems we see now started then, or before, or since.
Having dug into the Caddy logs, it seems there is an issue with OCSP stapling affecting all the reverse proxy sites. It’s not clear why this would only manifest in the Android Rocket Chat client. I haven’t yet worked out how to fix it. I’ll update this post once I have an outcome.
Hi! I had the same problem when the Let’s Encrypt certificate stopped auto-renewing (can’t reach the ACME servers).
I put in our wildcard certificate and declared it in Caddy … but the chain was invalid, like yours.
We need to recreate the entire chain to have a valid certificate for RC.
Unfortunately, due to many issues, a wrong update and many bugs, the choice will be to use the Zoom chat instead of Rocket.
FIXED! We thought we found a problem with the Caddy reverse proxy server, but when we applied it nothing worked at all. We reverted the fix and restarted Caddy and now the RocketChat Android client is quite happy. Clearly the Caddy instance had got confused about something.
Thanks for your input @dudanogueira - it put us on the right track