Android client reports Chain Validation Failed

We’re experiencing an oddity with Android clients. Attempting to connect to our on-prem server results in an ‘Oops! Chain Validation Failed’ message.

This is true for Android 9 and Android 10, running current builds of the client from Google Play (4.29 and 4.30 experimental).

We’re running RocketChat 4.8.1 on the server, behind a Caddy instance that handles the certificates through Let’s Encrypt.

Both phones will connect to the server using the web interface through Chrome and Firefox.

iOS clients connect without a problem.

We had no reported problems with 3.18. Android is not a commonly used client here. We upgraded the server about a month ago, and it’s not clear whether the problems we see now started then, or before, or since.

Any suggestions?

Hi Mike! And welcome to our community :slight_smile:

This is probably not related to the upgrade, but to how you are reverse proxying it.

I suggest you compare your domain's SSL/TLS specs with our open server (open.rocket.chat) using one of those free online SSL tools.

Consider that TLS 1.3 should not be enforced.

Let me know if that helps.

Thanks!

Hi - and thanks for your input :slight_smile:

Having dug into the Caddy logs it seems there is an issue with OCSP stapling affecting all the reverse proxy sites. It’s not clear why this would only manifest in the Android Rocket Chat client. I haven’t yet worked out how to fix it. I’ll update this post once I have an outcome.

Hi! I had the same problem when the Let’s Encrypt certificate stopped auto-renewing (can’t reach the ACME servers).
I put in our wildcard certificate and declared it in Caddy … but the chain was invalid, like yours.

We need to recreate the entire chain to have a valid certificate for RC.

Unfortunately, due to many issues, wrong update and many bugs, the choice will be to use Zoom chat instead of Rocket.

Hi @Sico31 !

Sorry to hear that. :frowning:

Any chance you can revisit this decision? We can help you, if you want.

Thanks!

FIXED! We thought we found a problem with the Caddy reverse proxy server, but when we applied it nothing worked at all. We reverted the fix and restarted Caddy and now the RocketChat Android client is quite happy. Clearly the Caddy instance had got confused about something.

Thanks for your input @dudanogueira - it put us on the right track :slight_smile:
