bug: app V4.67.0 on Android 13 and older cannot connect to rc-instance with current certificate (while browser on same device can)
Describe the Bug
Hi RocketChat-team,
The current Rocket.Chat.ReactNative-app V4.67.0 on Android 13 and older cannot connect to a RocketChat-instance with a current certificate, saying "invalid url", while a browser like Firefox on the same device has no problems.
The issuer of the certificate is HARICA, which is the current certificate authority for GÉANT, the European research communities (universities etc.).
We tried different certificates (ec/rsa) with different sizes etc.
Is there a workaround for this?
Or will there be a version of the Rocket.Chat.ReactNative-app with a current own list of certificate chains?
regards
Steps to Reproduce
Trying to connect to a server as described above.
Expected Behavior
Problem-free TLS connection to the server
Actual Behavior
The current Rocket.Chat.ReactNative-app V4.67.0 on Android 13 and older cannot connect to a RocketChat-instance with a current certificate, saying "invalid url".
Rocket.Chat Server Version
7.7.9
Rocket.Chat App Version
V4.67.0
Device Name
Multiple Android phones like Huawei, Google Pixel
OS Version
at least Android 13 and older
Additional Context
Browsers like Firefox on the same device have no problems.
The issuer of the certificate is HARICA, which is the current certificate authority for GÉANT, the European research communities (universities etc.).
We didn't change anything related to certificates on 4.67.0 https://github.com/RocketChat/Rocket.Chat.ReactNative/releases/tag/4.67.0
It's usually an issue with the certificate on the backend, like on #6596 and #6294. You can also download older official APKs and try it for yourself, like 4.66.1.
Yes, you did not change anything, but:
Since some people do not refresh their tech stack on a yearly basis, it is more than likely that users will have older devices with an older operating system missing newer certificate chains.
As I wrote: all the European university and research communities have had a NEW certificate chain since January 2025. All the old certificates from last year (and with an old certificate chain) will become invalid by December 31st at the latest, so you should change something, since the new certificates will all have the new chain.
It seems that the browser developers can handle this problem; maybe this could be a way for the RocketChat app ecosystem to handle certificate chains in the future.
Of course you could ignore this, if students and universities etc. are not your target group.
Best Regards
@matacino I was just trying to understand if the issue is only on 4.67, like you described. If it's not the case, then we'll have to evaluate our options. Can you send us a workspace URL, so we can try it ourselves and work on a fix? Otherwise it's going to be complicated.
At the moment there is a Let's Encrypt certificate in place.
But you could simply try a website like https://www.upm.es/ or https://www.uni-leipzig.de or https://www.eur.nl/ or https://www.nhlstenden.com etc.; then you could see if the SSL/TLS connection process is successful.
Hey @matacino, can you share the workspace URL where you are getting the "invalid URL" error? I tried all four URLs mentioned above and none of them are running the Rocket.Chat instance.