keiyoushi / extensions-source

Source code of extensions for Tachiyomi/Mihon and variants.
https://keiyoushi.github.io/
Apache License 2.0
2.01k stars 443 forks

"Trust anchor for certification path not found" #1230

Closed samboosa58 closed 1 month ago

samboosa58 commented 7 months ago

Source information

Mangadex

Source language

English

Steps to reproduce

"java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."

This is showing up for extensions including Mangadex and Mangahere despite trusting them and despite uninstalling/reinstalling Mihon and the extensions, clearing caches, etc.

Expected behavior

Extensions are trusted and should update

Actual behavior

Series won't update and extensions won't open webview

Mihon/Tachiyomi version

0.16.3

Android version

Android 13

Other details

No response


beer-psi commented 7 months ago

Try these solutions:

This is not a problem with the app or the extensions; the website is presenting an invalid certificate.

GreyAlex205 commented 7 months ago

Hello. I have the same problem on Android 6.0.1, Tachiyomi 0.15.3, ext AllHentai 1.4.44. Error: Trust anchor for certification path not found. Domain: https://20.allhen.online

I don't have any solution((

What I found: in Chrome, if I start it not from WebView, I get a correctly working site https://20.allhen.online without any problems.

In WebView, for https://20.allhen.online/ I always get a white screen (because WebView has a problem with the Let's Encrypt cert).

And when I open Chrome from WebView, I get a broken cert page(

Let's Encrypt has a new cert from 16.02.2024, but I didn't have any problems last week, only from 21.02.2024... maybe they installed this cert on 21.02....

Any ideas how to solve this problem? *Maybe the OS on my phone is broken, I can't manually install certs(

GreyAlex205 commented 7 months ago

And.... problem solved... without any help... The cert didn't change, but WV doesn't have any SSL problems now.

Can you answer how WebView works with SSL, and where the problem can be?

riblus-bandyr commented 7 months ago

getting this error

here's some stuff from the logs

```
03-08 01:23:36.634 10437 10437 E app.mihon: Not starting debugger since process cannot load the jdwp agent.
03-08 01:23:36.861 10437 10469 E SQLiteLog: (283) recovered 187 frames from WAL file /data/data/app.mihon/databases/tachiyomi.db-wal
03-08 01:23:38.006 10437 10437 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
03-08 01:23:38.521 10437 10638 E SQLiteLog: (284) automatic index on C(manga_id)
03-08 01:23:38.521 10437 10638 E SQLiteLog: (284) automatic index on mangas_categories(manga_id)
03-08 01:23:38.882 10437 10664 E ion : ioctl c0044901 failed with code -1: Invalid argument
03-08 01:24:16.652 10437 10908 E libEGL : eglCreateContextImpl:942 error 3004 (EGL_BAD_ATTRIBUTE)
03-08 01:47:54.873 22342 22342 E app.mihon: Not starting debugger since process cannot load the jdwp agent.
03-08 01:47:56.498 22342 22342 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
03-08 01:47:56.985 22342 22587 E SQLiteLog: (284) automatic index on C(manga_id)
03-08 01:47:56.985 22342 22587 E SQLiteLog: (284) automatic index on mangas_categories(manga_id)
03-08 01:47:57.369 22342 22425 E ion : ioctl c0044901 failed with code -1: Invalid argument
03-08 01:48:01.212 22342 22783 E chromium: [ERROR:simple_file_enumerator.cc(21)] opendir /data/user/0/app.mihon/cache/WebView/Default/HTTP Cache/Code Cache/wasm: No such file or directory (2)
03-08 01:48:01.212 22342 22783 E chromium: [ERROR:simple_index_file.cc(614)] Could not reconstruct index from disk
03-08 01:48:01.783 22342 22782 E chromium: [ERROR:ssl_client_socket_impl.cc(970)] handshake failed; returned -1, SSL error code 1, net_error -202
03-08 01:48:17.421 22342 22342 E chromium: [ERROR:aw_browser_terminator.cc(154)] Renderer process (22758) crash detected (code -1).
03-08 01:58:43.654 24269 24269 E app.mihon: Not starting debugger since process cannot load the jdwp agent.
03-08 01:58:46.615 24269 24269 E FBI : Can't load library: dlopen failed: library "libmagtsync.so" not found
03-08 01:58:47.216 24269 24667 E SQLiteLog: (284) automatic index on C(manga_id)
03-08 01:58:47.216 24269 24667 E SQLiteLog: (284) automatic index on mangas_categories(manga_id)
03-08 01:58:47.900 24269 24686 E ion : ioctl c0044901 failed with code -1: Invalid argument
```

dunno how much of this outside of the SSL error is directly related

googling the ssl error came up with this SO https://stackoverflow.com/questions/59442126/handshake-failed-returned-1-ssl-error-code-1-net-error-202

I don't know enough of the internals to make heads or tails
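Added example, not part of the comment above or of the project's code: a small triage of that logcat excerpt which keeps only WebView (`chromium`) TLS handshake failures and names the Chromium net error. Code -202 is `ERR_CERT_AUTHORITY_INVALID`, which Chromium reports when the certificate chain does not lead to a trusted authority. The function name is illustrative and the sample is three lines copied from the log above.

```python
import re
from collections import defaultdict

# Chromium net error codes for certificate failures (net/base/net_error_list.h).
CERT_NET_ERRORS = {
    -200: "ERR_CERT_COMMON_NAME_INVALID",
    -201: "ERR_CERT_DATE_INVALID",
    -202: "ERR_CERT_AUTHORITY_INVALID",  # chain does not reach a trusted authority
    -207: "ERR_CERT_INVALID",
}

# logcat "threadtime" layout: MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message
LINE = re.compile(
    r"^\d\d-\d\d (\d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+\d+\s+[VDIWEF]\s+(.*?)\s*:\s(.*)$"
)
HANDSHAKE = re.compile(r"handshake failed;.*net_error (-?\d+)")

# Three lines copied from the log in the comment above.
SAMPLE_LOG = """\
03-08 01:47:56.985 22342 22587 E SQLiteLog: (284) automatic index on C(manga_id)
03-08 01:48:01.783 22342 22782 E chromium: [ERROR:ssl_client_socket_impl.cc(970)] handshake failed; returned -1, SSL error code 1, net_error -202
03-08 01:48:17.421 22342 22342 E chromium: [ERROR:aw_browser_terminator.cc(154)] Renderer process (22758) crash detected (code -1).
"""

def triage_webview_tls(log_text):
    """Return {pid: [(time, error_name), ...]} for WebView TLS handshake failures."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a threadtime-format line
        time, pid, tag, msg = m.groups()
        if tag != "chromium":
            continue  # SQLiteLog, ion, libEGL etc. are not TLS events
        err = HANDSHAKE.search(msg)
        if err:
            code = int(err.group(1))
            # Unknown codes are still reported, by number.
            hits[int(pid)].append((time, CERT_NET_ERRORS.get(code, f"net_error {code}")))
    return dict(hits)

if __name__ == "__main__":
    for pid, events in triage_webview_tls(SAMPLE_LOG).items():
        for time, name in events:
            print(f"pid {pid} at {time}: {name}")
```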

GreyAlex205 commented 6 months ago

I think there is a package of problems here.

  1. Phone and Android version + WebView. WV can't cache info, old Android doesn't have the cert installed.

  2. You can install R3 ISRG on the phone, but my cert installer is broken (lol).

  3. A developer can integrate the cert into the app, but Tachi is closed.

  4. A developer can ignore SSL errors.

  5. A strange solution: trying to open a source with a full cert chain, like MangaDex or Comicfury, can help to solve the problem; WebView caches R3 ISRG from these sources.

GreyAlex205 commented 6 months ago

Sometimes I solve the problem with the following algorithm: open a source with a full cert chain, like MangaDex or Comicfury. Open the WebView window. Then you can open the source with the broken cert chain, and maybe log in to the site if you need to. But if Tachiyomi gets stuck and gets a "hard restart", you will get the SSL error again.

And last week, this algorithm didn't work for me(

And I installed TachiSY; same problem with a clean library.

On another phone, Poco X3, Android 10, no problems, but there is another system of SSL verification there. The problem is with old Android.

GreyAlex205 commented 6 months ago

Hello! I have a strange solution for this problem. Video with the solution (poor quality because GIT has a 10mb limit) https://github.com/keiyoushi/extensions-source/assets/81999054/4a7fdfda-f5d9-435c-9673-259fe53f62bd

  1. WebView doesn't transfer cache between Tachi and TachiSA (or between any other forks). Nor between Tachi and Google Chrome.
  2. If you open a source with a normal server certificate chain, WebView will cache the information and you can use this to access a source with the SSL error. You need to find a source with a normal R3 ISRG X1 Let's Encrypt chain. The best way is to find a source where you can manually set a good server.

Solution:

  1. I have a problem with the AllHentai source. I know that the forum for AllHentai uses another server, qawa.org, where I see the full SSL chain (ssllabs.com, crt.sh, digicert.com can help to check the SSL chain).
  2. I found a source that I don't want to use, and the source has a manual domain. This is YaoiLib.
  3. I set the URL https://qawa.org, but https://letsencrypt.org works too.
  4. Then you need to fully stop the app.
  5. Start the app again, and open the source YaoiLib.
  6. From this moment, if your broken source doesn't ask you to log in, you can use it without going to WebView in YaoiLib. BUT:
  7. If the broken source asks you to log in, you must open WebView in YaoiLib and wait until the site has loaded.
  8. Then you can go back, open the broken source, open WebView, and log in to your account.