Closed russelltg closed 7 months ago
Some more information like the android log would be helpful. Could you post your log (censor domains/IPs if needed) here? Thanks
Unfortunately nothing that useful in them--
created_at,level,context,message,stacktrace
2024-03-07 07:34:03.548258,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.478698,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.412635,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.350590,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.298072,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.251440,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.195933,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.132691,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.076432,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:03.019777,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:34:02.952515,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
2024-03-07 07:33:59.967516,LogLevel.SEVERE,"HttpSSLCertOverride","Invalid SSL certificate for immich.xxx.com:443",""
Updated to 1.98.1 and still see the issue.
What type of phone and what model year?
It's a Pixel 7, running android 14 build UQ1A.240205.002
It's a Pixel 7, running android 14 build UQ1A.240205.002
Can you DM or email me the server name?
Done. Realizing it may be relevant that the cert is issued for *.xxx com, not specifically immich.xxx.com, altho I believe this should be valid.
I'm also getting this problem after switching from vanilla Nginx to Nginx Proxy Manager. Not sure what's the difference in the configuration. I tried modifying the ssl settings from my old nginx to match the settings in nginx proxy manager (and vice versa) to be the same yet it works with nginx but not with nginx proxy manager.
Done. Realizing it may be relevant that the cert is issued for *.xxx com, not specifically immich.xxx.com, altho I believe this should be valid.
Wildcard certs should be totally fine. Mine is working too.
I'm also getting this problem after switching from vanilla Nginx to Nginx Proxy Manager. Not sure what's the difference in the configuration. I tried modifying the ssl settings from my old nginx to match the settings in nginx proxy manager (and vice versa) to be the same yet it works with nginx but not with nginx proxy manager.
NPM should not be the problem at all, I have a working configuration.
I figured out my problem. I forgot to include the intermediate certificate.
I figured out my problem. I forgot to include the intermediate certificate.
When I get to my desk this is what I was going to double check.
The bug
I have a immich server setup behind a reverse proxy with certs from letsencrypt. Firefox on my Desktop and chrome on my phone both can connect to the website and have no warnings about self-signed certs, and say "Connection secure." But when I login in the app, it gives a handshake exception. If I go to settings and enable self-signed certs, it works properly, however this should not be required.
I'm happy to send my server URL to a maintainer, but would prefer to send it over email to avoid bots/etc.
The OS that Immich Server is running on
OpenWRT snapshot 02/19/2024
Version of Immich Server
v1.97.0
Version of Immich Mobile App
v1.97.0
Platform with the issue
Your docker-compose.yml content
Your .env content
Reproduction steps
Additional information
No response