bubblewrap icon indicating copy to clipboard operation
bubblewrap copied to clipboard
verified publisher icon GoogleChromeLabs

bubblewrap update throws ERROR unable to verify the first certificate

Open StefanNedelchev opened this issue 3 years ago • 5 comments

Describe the bug I decided to use bubblewrap update to regenerate and update projet (this is not the first time I do it). Unfortunately the CLI can't start updating and throws the following error: cli ERROR unable to verify the first certificate (can be seen on the screenshot too). This happen no matter if I write different app version or skip this step.

To Reproduce Steps to reproduce the behavior:

  1. Navigate to your bubblewrap project folder
  2. Run bubblewrap update (doesn't matter if you chose different app versionName or not)

Expected behavior Bubblewrap should regenerate the Android project and update your app version code in the twa-manifest.json file

Screenshots image

Additional context I use the latest version of the bubblewrap cli (1.18.0) Maybe worth to notice that the bubblewrap build command still works just fine and builds the app.

StefanNedelchev avatar Jul 21 '22 16:07 StefanNedelchev

This seems like an issue with SSL certificates. Would you mind sharing the URL to the web manifest so I can try reproducing?

andreban avatar Jul 21 '22 16:07 andreban

This seems like an issue with SSL certificates. Would you mind sharing the URL to the web manifest so I can try reproducing?

Sure, no problem, you can find it here: https://mobile.sledi.me/manifest.webmanifest

StefanNedelchev avatar Jul 22 '22 17:07 StefanNedelchev

I'm getting the same error-- has stopped me right in my tracks. I'm using one of those free "Let's Encrypt" certificates via "certbot" on my Apache server. Some software has issues with those not being trusted.

Is there a way to disable Bubblewrap's SSL cert validation? I see it can be done with one line of code in Node apps, but it'd probably need to be exposed here as a command line parameter?

EDIT: Figured it out! Was as simple as one line change in my Apache SSL configuration: https://community.letsencrypt.org/t/unable-to-verify-the-first-certificate/140756

Maybe this will help @hardmaster92 too?

sniperpon avatar Aug 07 '22 22:08 sniperpon

I'm getting the same error-- has stopped me right in my tracks. I'm using one of those free "Let's Encrypt" certificates via "certbot" on my Apache server. Some software has issues with those not being trusted.

Is there a way to disable Bubblewrap's SSL cert validation? I see it can be done with one line of code in Node apps, but it'd probably need to be exposed here as a command line parameter?

EDIT: Figured it out! Was as simple as one line change in my Apache SSL configuration: https://community.letsencrypt.org/t/unable-to-verify-the-first-certificate/140756

Maybe this will help @hardmaster92 too?

Tried that but weirdly enough didn't help... I restarted the apache server but still the same.

EDIT: Actually I fixed the issue. I had to provide a SSLCertificateChainFile to the Apache configuration as well. The Apache docs say:

SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

But my server version is 2.4.6 :smile: so I had to add it. Adding it fixed the original issue so let this stay here as an info to whoever uses Apache server with version < 2.4.8.

StefanNedelchev avatar Aug 08 '22 17:08 StefanNedelchev

I'm getting the same error-- has stopped me right in my tracks. I'm using one of those free "Let's Encrypt" certificates via "certbot" on my Apache server. Some software has issues with those not being trusted. Is there a way to disable Bubblewrap's SSL cert validation? I see it can be done with one line of code in Node apps, but it'd probably need to be exposed here as a command line parameter? EDIT: Figured it out! Was as simple as one line change in my Apache SSL configuration: https://community.letsencrypt.org/t/unable-to-verify-the-first-certificate/140756 Maybe this will help @hardmaster92 too?

Tried that but weirdly enough didn't help... I restarted the apache server but still the same.

EDIT: Actually I fixed the issue. I had to provide a SSLCertificateChainFile to the Apache configuration as well. The Apache docs say:

SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

But my server version is 2.4.6 😄 so I had to add it. Adding it fixed the original issue so let this stay here as an info to whoever uses Apache server with version < 2.4.8.

That's great, glad to hear you got it working!

sniperpon avatar Aug 09 '22 18:08 sniperpon

Closing the issue with the following comment to whoever finds it:

If you are running your web app on an Apache/httpd server, make sure you provide the path to the fullchain.pem certificate for SSLCertificateFile as mentioned here: https://community.letsencrypt.org/t/unable-to-verify-the-first-certificate/140756

If the version of the Apache server is < 2.4.8 you have to provide a SSLCertificateChainFile (pointing to the chain.pem certificate) to the Apache configuration as well, based on their docs:

SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

I hope this helps

StefanNedelchev avatar Aug 21 '22 14:08 StefanNedelchev