Hello community, why does it take so long for the ticket response? It’s already a week since the ticket is first opened.
I am in the Pro plan tier. I have an issue with the ssl certificate. It’s a critical issue because some of my users can’t access my app with specific devices (like Android operating system 9).
I have opened a ticket to Cloudflare support team and they do replied and said that they can do the modifications. Then, i asked for it. But, after that i haven’t got a response till now. Maybe by posting to community, it can help me more quickly from cloudflare team members that are active in community too. Thanks!
My ticket is #2804871
The recommended support method on Pro is still the community and unfortunately the response time for technical issues on tickets can be long.
Your issue can probably be answered here though.
Some types of Google Trust Services certificates were deployed by Cloudflare that would show as invalid on certain older devices or systems with older trust stores.
On 2023-05-19 they temporarily stopped issuing these certs, you can replace the certificate by disabling Universal SSL, waiting a few minutes and re-enabling it. This will remove the old certificate and should issue a newer one with a better trusted chain on older devices.
Hello, thanks for your response. The cloudflare support team member has replied to me. And i already re-enabled the Universal SSL. It works now on browser when accessed my domain. But, i still got issue on Android older devices (like Android with OS 9) native app that access API. The error message is “javax.net.ssl.SSLHandshakeException: Handshake failed”. Waiting for their response again. Do i need to purge cache? and toggle the DNS proxy?
Thanks a lot!
2 posts were split to a new topic: Feedback for ticket response times
You’ll need to view the certificate being presented and understand what is causing the issue. It will likely be the trust store on those devices. I believe this should be resolved for most devices with newly issued Universal certificates but you may also wish to look at Advanced certificates · Cloudflare SSL/TLS docs where you have more control over the certificates issued.
If you still have the old certificate that is not trusted on the older device then try this again.
Make sure you wait a few minutes in between to ensure the old cert gets removed so a new one is issued.
Thanks for the response. Yes, i already tried to re-enabled it again but still got Handhshake failed exception. Yes, i do look for advanced certificate. It’s subscriptions too. But, is there any other alternative to solve this issue?
I think most of free plan tier user are facing this issues too?
Thanks in advance!
Can you share the domain here?
Anyway, i just checked it that not only Android 9 below but also the higher OS got same handshake error now. Please help. Thanks!
The certificate there looks OK now and I believe should work on Android 4+ and Java 7+ which are both pretty old. I am not sure what issue your clients are facing.
It is safe is accessed from browser. But, when access my android application that use API. It got handshake error. Now, it happens on newer devices like Android OS 12 too (I tried it).
what trust store is this using? Is it a very old Java version or something like that?
I had no trouble using Tor Browser on Android 13.
The certificate is issued by Google Trust Services. I was not immediately able to view ffurther certificate details from that browser.
the cert trust store? Sorry, where can i check the trust store. I am using the basic plan certificate Universal SSL. Do i need to subscribe the advanced certificate? Thanks in advance!
it’s no problem if accessed on browsers. But, the error is when opened the app that use my API.
I mean the one used by your android application, not Cloudflare.
This woudl allow you to change CA and customise a few settings but I am not sure it would fix this issue, it seems it’s related specifically to that application and not wider trust of the cert.
Hello, thanks for all your support and response. Now, it’s working well on mobile applications. Perhaps it was the propagate time or something like cache. Once again, thanks a lot!
It seems that your certificate has changed to a Let’s Encrypt one, did you use ACM or swap it some other way?
I would still look at your application as it appears to be using a very out of date trust store which may prove to be an issue again in the future.
It’s working well now. Thanks!