+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: SOLVED: Android TV fails to connect to server (SSL handshake failure) (/t-solved-android-tv-fails-to-connect-to-server-ssl-handshake-failure)
Android TV fails to connect to server (SSL handshake failure) - OmegaSupreme3 - 2025-07-23
After update to 0.18.11 the app cannot connect to my server anymore, the reverse proxy reports a SSL handshake failure. Before the update I've never experienced any problems with the app. The setup has been working for almost a year without problems.
- I use a Google ChromeCast 4K (up-to-date)
- WiFi connection is working (can browse videos etc.)
- The reverse proxy is configured to use a non self-signed SSL certificate (Sectigo). The certificate is valid
- The reverse proxy also is used for other services and none of those services experience problems
- No configuration changes have been made to the reverse proxy
- No configuration changes have been made to JellyFin server (10.10.7 running since release)
- JellyFin through the webbrowser, MediaPlayer and the regular Android app work without problems. Both from inside and outside the network
What did I try?
- I tried connecting directly to the JellyFin server HTTPS (8095), bypassing the reverse proxy, but no connection could be made
- I also tried through direct connecting to the JellyFin server HTTP (8096), bypassing the reverse proxy, but no connection could be made
- Remove server settings from the app. Did not resolve the issue
- Remove the cache/data for the Android TV app. Did not resolve the issue
- Reinstalled the Android TV app. Did not resolve the issue
- Tried with a different Google ChromeCast 4K. Same issues occur
- Checked the logs of JellyFin and couldn't find any relevant information. It seems the app doesn't connect to JellyFin server at all. The logs do not show any information
- Checked the operating system logs, also no relevant information is shown
- 'netstat' on the system running JellyFin doesn't reveal any pending connections as well
The latter seems to indicate that the issue I have might be more of a general connection issue, not only related to SSL connections.
What steps can I take to start resolving this issue? Are there any debug logs for the app?
RE: Fails to connect to server (SSL handshake failure) - bitmap - 2025-07-23
Debug logs can be enabled, but generally aren't going to provide useful information for an issue like this one. What version of Jellyfin server are you running? Additionally, can you share your RP configuration and info (i.e., which one)?
RE: Fails to connect to server (SSL handshake failure) - OmegaSupreme3 - 2025-07-23
(2025-07-23, 05:50 PM)bitmap Wrote: Debug logs can be enabled, but generally aren't going to provide useful information for an issue like this one. What version of Jellyfin server are you running? Additionally, can you share your RP configuration and info (i.e., which one)?
I am running Jellyfin server 10.10.7 since it was released. With respect to the proxy I'm running HAProxy, it is just a default out of the box setup. I can share the details with you and I appreciate your intent, but I doubt if it matters since the app also fails to make any direct connection (which means bypassing the proxy) to Jellyfin server. I found that later on and updated my post afterwards. Maybe it isn't clear, I will update it to make it more clear.
I will enable the debug logs and report back here with my findings.
RE: Android TV fails to connect to server (SSL handshake failure) - OmegaSupreme3 - 2025-07-26
Coming back to this issue. So for future reference, I will post my solution. The problem didn't have anything to do with the Jellyfin app or server.
As usual, problems are hardly every caused by a single factor ...
- It turned out that, unknown to me, my room mate had recently renewed the SSL certificate and updated it on the reverse proxy
- Sectigo updated and migrated their root certificates last april 2025 in all known major root stores (https://www.sectigo.com/knowledge-base/detail/Sectigo-Public-Root-CAs-Migration/kA0Uj0000003RoT)
- However, it appears the certificate store of Android 14 doesn't seem to be entirely up-to-date yet (no problems on Android 16!). So to circumvent this issue, the root certificate had to be added on the reverse proxy.
How did I found out?
Checking debug logs for both the reverse proxy and Jellyfin server did not give any indication. So I eventually took the sources of Jellyfin Android TV, had to change some code (min-server-version, app-version) to actually make it work with my Jellyfin server and fired up the debugger in Android Studio. After testing some scenarios I found the cause of the connection problems in the stacktrace (shortened for readability): Trust anchor for certification path not found.
Code:
org.jellyf...HttpClient org.jellyfin.androidtv.debug E Unknown SSL error occurred
org.jellyf...HttpClient org.jellyfin.androidtv.debug E javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
org.jellyf...HttpClient org.jellyfin.androidtv.debug E at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
org.jellyf...HttpClient org.jellyfin.androidtv.debug E at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
org.jellyf...HttpClient org.jellyfin.androidtv.debug E Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.Would be nice if the Jellyfin app could show a stacktrace of the last known issue (e.g. located behind a "Show Error" button).