This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 53%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello, I developing an application on Xamarin for Android and iOS for a little while and I had so far had no problems with the web socket
I use this method to connect to my server "await client.ConnectAsync(new Uri("wss://MY_URL"), cts.Token);"
Recently and surely because of recent events with Let’s Encrypt android phones can no longer connect to my server, here is the error:
Verif SN error =>System.Net.WebSockets.WebSocketException (0x80004005): Unable to connect to the remote server ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
I tried a lot of things but I couldn’t get a result, my server certificates are in ISRG Root X1
Do you have any idea what the problem is?
thank you in advance, have a good day
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 87%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi, Steven-5318. What httpClient handler class do you use in your project. Please make sure use AndroidClientHandler instead of HttpClientHandler class. Here is a similar issue thread, you could refer to it.
https://stackoverflow.com/questions/69462381/xamarin-expired-lets-encrypt-certificate-and-httpclient
Hello, I use AndroidClientHandler I looked at the thread and I didn’t find the answer to my question I tried not to check the certificates but as I use websocket of xamarin maybe I miss out
Is the root certificate of Let's Encrypt expired? Please check it. And what the SDK fo the device you tested? Andrid 7.0 and below will not check if the certificate is expired. Here is a wordaround about the issue and a detailed explanation about Let's Encrypt on Anrdoid.
https://github.com/xamarin/xamarin-android/issues/6351#issuecomment-931987612
https://github.com/xamarin/xamarin-android/issues/6351#issuecomment-945646088
No, we did renew the certificates of Let’s Encrypt we are in ISRG Root X1 until 2022, I use an android smartphone version 11 of Android .
However sorry about the re-post, but our root certificate ISRG Root X1 is signed by DST Root CA X3 until 2035 is this a problem?
Hi, please check this comment. The DST Root CA X3 is recently expired, a bunch of devices won't trust anything signed by it.
Hello, Yes I saw it well but the concern is that we have already made the command
certbot renew --force-renewal --preferred-chain "ISRG Root X1"
and that the certificate is still signed by DST Root CA X3.
Do you think that’s the problem?
Sorry, we are not experts in Let's Encrypt. For the problem about the api, it's suggested to report the issue to its github repo.
Indeed there are two solutions
1: Changing the way you use http requests on Xamarin
So passed from ClientWebSocket to httpClient or other , or the possibility to cancel the certificate check is available even if on production it is not a solution.
2: Update Certbot
Update Certbot and ask again for a certificate let’s encrypt without cross-signature "DST Root CA X3"
This worked for us
I hope it helps some
Good luck to you and thank you
Can you put the steps and commands you did with certbot?
Of course !
We have updated certbot to version 1.20.0
once we had updated certbot the following command, solved our problem
certbot certonly --manual --agree-tos --preferred-chain "ISRG Root X1"
then he asks you for your domain names, and that’s it!
I have the same problem in Android versions 7 and higher. The solution was the implementation:
https://github.com/xamarin/xamarin-android/issues/6351#issuecomment-932944425
I don't like it though, as I use Refit and it "complicates" token allocation.
Did you find a server-side solution? I think xamarin should update the android sdk. In flutter this does not happen.