[bug] Running Tauri with external URL as devPath returns `Unacceptable TLS certificate` in Linux

[luucasrb]

Describe the bug

I'm setting my devPath to an external URL that is running my Vue application. However, even using a signed and valid SSL certificate, Tauri keeps returning me a blank screen with Unacceptable TLS certificate. It only occurs in Linux version (Ubuntu 22.04) and I cannot reproduce in Windows 10.

Besides that, If I change the devPath to use an HTTP port, it works properly.

Reproduction

• Host an application anywhere with a valid and signed SSL certificate (HTTPS);
• Set the devPath to the ip:port of the application;
• Run yarn tauri dev;
• Receive Unacceptable TLS certificate.

Expected behavior

To open the application that is running in a HTTPS port.

Platform and versions

yarn run v1.22.19
$ RUST_LOG='info' RUST_BACKTRACE='full' tauri info

[✔] Environment
    - OS: Ubuntu 22.04 X64
    ✔ webkit2gtk-4.1: 2.38.6
    ✔ rsvg2: 2.52.5
    ✔ rustc: 1.70.0 (90c541806 2023-05-31)
    ✔ Cargo: 1.70.0 (ec8a8a0ca 2023-04-25)
    ✔ rustup: 1.26.0 (5af9b9484 2023-04-05)
    ✔ Rust toolchain: stable-x86_64-unknown-linux-gnu (default)
    - node: 16.17.0
    - yarn: 1.22.19
    - npm: 8.15.0

[-] Packages
    - tauri [RUST]: 2.0.0-alpha.9
    - tauri-build [RUST]: 2.0.0-alpha.5
    - wry [RUST]: 0.28.3
    - tao [RUST]: 0.19.1
    - @tauri-apps/api [NPM]: not installed!
    - @tauri-apps/cli [NPM]: 2.0.0-alpha.9

[-] App
    - build-type: bundle
    - CSP: unset
    - distDir: https://my-private-ip:1445/
    - devPath: https://my-private-ip:1445/
Done in 12.32s.

Stack trace

Unacceptable TLS certificate

Additional context

• The certificate was generated with let's encrypt.
• Wasn't able to find/use the fix that is related at: https://github.com/tauri-apps/tauri/issues/4472

[luucasrb]

Any update?

[FabianLars]

Can you test if you see the same issue in Epiphany (also known as Gnome Web)? - sudo apt install epiphany-browser (Their flatpak version doesn't use the system libs so it wouldn't be the same in comparison)

[luucasrb]

Is just installing enough to change the Tauri's default settings, or do I need to make additional configuration changes? If it's the first case, the error Unacceptable TLS certificate keeps happening.

[FabianLars]

No, it's a browser like firefox/chrome based on webkitgtk, which tauri uses for the webview on linux and i'd like you to try the same url in there to see if loads correctly, just to see how tauri specific this issue is.

[luucasrb]

Oh ok, sorry for the misunderstanding. When I open the URL using Epiphany, I get a blank screen without any error message or log. But there's a warning at the top saying, This website's digital identification is not trusted...

[luucasrb]

Update: just figured that TLS 1.3 wasn't enabled in my Reverse Proxy. After enabling it, the Epiphany browser now is able to open my app (still with ... not secure warning). However, the Tauri app is still with the Unacceptable TLS certificate.

[shamblesides]

I had this problem and was able to fix it for myself. I tested my server on SSL Labs and found out my server's certifcate chain was incomplete. After I fixed that by including the ca-bundle in my server's .crt file, I didn't get this error anymore.

[luucasrb]

I had this problem and was able to fix it for myself. I tested my server on SSL Labs and found out my server's certifcate chain was incomplete. After I fixed that by including the ca-bundle in my server's .crt file, I didn't get this error anymore.

Thanks, @shamblesides!

Using the fullchain certificate seems to work.