Brief Information About the problem:
I have been using ODK-x since 2020 and it has been smooth. The challenge started recently when I updated ssl certificates on the server and now all my tablets cannot sync. This is not the first time I am updating ssl and I have never experienced this problem before. Below screenshot shows the error I am getting on the tablet.
I am able to reach the server through the web browser as shown below. The only challenge is I cannot access the server through odk-x services.
a. I have switched my tablets to different networks but still getting the same error. My tablets can browse the internet and this shows internet is not the issue causing the tablets not to sync.
b. I have stopped all the docker services and started them. I have done this so many times but not resolving the problem.
c. I have severally restarted the entire server but nothing positive is forthcoming.
d. I have also looked at similar posts on the same subject but they seem to be not helping my current issue.
I request for someone to advice me what to do. I have spent two days trying to troubleshoot but its like am not finding a solution.
What does the browser say about the encryption certificate? You can skip issues in a browser and it will remember to skip. You should search for how to view your SSL/TLS certificate in your browser.
My root signer: DigiCert Global G2 TLS RSA SHA256 2020 CA1.
I also pulled the logs from odk-x applications and noticed the issue is "Network failure - javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found" . This is what am trying to troubleshoot.
I have also attached the log file.
Anyone with quick fix? I have tried all possible solutions but yet to crack it. 2023-12-04_02.txt (11.9 KB)
The DigiCert Global G2 is a newer certificate and older Androids might not have the root certificate in trust store. You can check by doing something like:
Open Settings.
Click Security. If you can’t find security, search for “Encryption and Credentials.”
" Before Android 14, it was impossible to update root certificates on Android without using an Over-the-Air software update. This poses a risk for users because they need to wait for an OEM to push an update before updating any root certificates that might be expiring."
ALTERNATIVE SOLUTION: Obtain another certificate using Let’sEncrypt.
Thanks you so much @W_Brunette. Your feedback was so helpful because I had to concentrate on why Android does not recognize the newer ssl as trusted certs.
I had to append the ssl files into one .pem file for the tablets to recognize the new DigiCert Global G2 certificates.
Another instance of odk-x could not pick new ssl certificates after replacing the old ones. I had to delete all the docker volumes for the new ssl certificates to be served to nginx web server. I lost data [recovered data from data collection devices] in the process of deleting docker volumes but this helped the server to get new certificates.
I thought this information can help someone with the same issue.
It is important to note that yes the data is stored on the volumes, as long as you do not delete the database volumes you should not lose data. You can also back volumes up.
