React-native: fetch fails with [TypeError: Network request failed] on Android with certain url

cc @lexs

Turns out OkHttp/Android rejects the certificate, error is java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

More info about this here: http://developer.android.com/training/articles/security-ssl.html

This is not a RN issue but rather an issue with api-dev.semios.com certificate. You'll either have to accept pin their certificate or accept all (bad). You should talk to Semios about this. I'll close this out.

Their cert looks OK:

Maybe check that you're not getting MITM'd by your device, development laptop (if you're proxying traffic through it), or your ISP.

@ide Somehow Android/OkHttp still rejects it. Might wanna try the request with vanilla OkHttp.

I don't think this is MITM or anything like that as both me and @bosung90 could repro this.

This blog post might describe what's happening: http://steveliles.github.io/android_ssl_certificate_not_trusted.html

Also this: https://crosswalk-project.org/jira/browse/XWALK-937

Adding in my case here: Similar situation as OP, https URL failing with [TypeError: Network request failed] on Android, successful on iOS, certificate showing as valid in browser.

In my case, had SSL setup on nginx with Let's Encrypt but left out the intermediate certificates, i.e. I was using the cert.pem instead of fullchain.pem. This thread has some more info. Once I got the intermediate cert configured correctly, Android/OkHttp accepted it.

I'm having a similar issue but mine isn't even related to SSL. I'm just trying to run the example fetch from the RN docs calling out to http://facebook.github.io/react-native/movies.json. When I try it out on the simulator its fine. But when I plug in my device and and deploy it to that using react-native run-android it can't seem to successfully load the data.

fetch('http://facebook.github.io/react-native/movies.json')
      .then((response) => response.json())
      .then((responseJson) => {
        //works fine in simulator
        this.setState({title: responseJson.title})
      })
      .catch((error) => {
        //hits this everytime on the actual device
        console.error(error);
      });

Any suggestions?

+1

fix dont use fullchain.pem

use
SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/$DOMAIN/chain.pem

@ilyago, could you please provide some more info about fix? Where we shouldn't use fullchain.pem and should those three lines you wrote?

Maybe my experience will be helpful for someone: Stack Overflow
You should use Android SDK Platform version 23 on emulator.

^ What's the solution to htis? Your stack overflow link is dead. Can't seem to get it working...

@ericmasiello same here. Is it fixed?

@arundev-kv I wish I could remember. It’s been 2 years. Sorry I can’t be of more help.

@arundev-kv we had to chain our keys. I also can't exactly remember the steps we took, but it was quite simple, we just cat'd the 2 or 3 keys into a file and voilà.

https://community.letsencrypt.org/t/solved-why-isnt-my-certificate-trusted/2479