Jellyfin Forum
SOLVED: Android App not connecting anymore - Printable Version



Android App not connecting anymore - holger_kuehn - 2024-03-22

Hi folks,

I've noticed that a few days ago the Jellyfin Android App stopped working on my phone, checked two tablets as well, same here too. The Android TV app on my ShieldTV still works fine, so does any Windows client.

Setup is the following:

Server:

Windows 11 Pro 64bit
Jellyfin V10.8.13
Apache 2.4.58 Reverse Proxy

Clients

Windows - Jellyfin Media Player 1.9.1 - working
Android TV 0.16.7 - working
Kodi JellyCon 0.8.0 py3 - working
Jellyfin Android App 2.6.0 - not connecting


Interestingly the Android devices can connect via browser without any trouble, so the reverse proxy seems to work just fine. I had checked the config and reset it to the template provided on the forums here. When connecting via app, I think I can see the library for a very short time and then the app logs out again.

The only thing that happened a few days ago on all affected devices seems to be an update to Android 14. The Shield is still on Android 11.

Are there any logs for the Android app I can check? On the server logs I can't find any obvious hints.
Any additional info I should provide?

Holger


RE: Android App not connecting anymore - TheDreadPirate - 2024-03-22

Can you repeat the access attempt on the phone and then check the log to check if the connection attempt made it to Jellyfin? Or did the connection attempt fail at Apache? Did your cert recently update?


RE: Android App not connecting anymore - holger_kuehn - 2024-03-22

(2024-03-22, 08:51 PM)TheDreadPirate Wrote: Can you repeat the access attempt on the phone and then check the log to check if the connection attempt made it to Jellyfin?

I've cleared the log on the server, and done 5 attempts to connect, seems not to reach the server ...

Code:
[2024-03-22 22:05:12.939 +01:00] [INF] [10] Emby.Server.Implementations.ScheduledTasks.TaskManager: Queuing task "PluginUpdateTask"
[2024-03-22 22:05:12.943 +01:00] [INF] [7] Emby.Server.Implementations.ScheduledTasks.TaskManager: Executing "Aktualisiere Plugins"
[2024-03-22 22:05:12.999 +01:00] [INF] [1] Emby.Server.Implementations.ApplicationHost: Executed all post-startup entry points in 0:00:00.758954
[2024-03-22 22:05:13.000 +01:00] [INF] [1] Main: Startup complete 0:00:24.3585816
[2024-03-22 22:05:28.402 +01:00] [INF] [10] Emby.Server.Implementations.ScheduledTasks.TaskManager: "Aktualisiere Plugins" Completed after 0 minute(s) and 15 seconds
[2024-03-22 22:05:28.413 +01:00] [INF] [10] Emby.Server.Implementations.ScheduledTasks.TaskManager: ExecuteQueuedTasks


(2024-03-22, 08:51 PM)TheDreadPirate Wrote: Or did the connection attempt fail at Apache?

The access-log shows this from the app (not connecting):

Code:
192.168.22.213 - - [22/Mar/2024:22:15:40 +0100] "GET /System/Info/Public HTTP/1.1" 200 219 "-" "Ktor client"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:15:43 +0100] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Linux; Android 14; SM-F731B Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.120 Mobile Safari/537.36"
192.168.22.213 - - [22/Mar/2024:22:15:54 +0100] "GET /System/Info/Public HTTP/1.1" 200 219 "-" "Ktor client"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:15:58 +0100] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Linux; Android 14; SM-F731B Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.120 Mobile Safari/537.36"
192.168.22.213 - - [22/Mar/2024:22:16:37 +0100] "GET /System/Info/Public HTTP/1.1" 200 219 "-" "Ktor client"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:16:41 +0100] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Linux; Android 14; SM-F731B Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.120 Mobile Safari/537.36"

and this from the browser (same device and network) connecting

Code:
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:18:38 +0100] "GET /web/index.html HTTP/1.1" 200 1994 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:18:38 +0100] "GET /Trickplay/ClientScript HTTP/1.1" 200 18547 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:18:38 +0100] "GET /web/assets/img/icon-transparent.png HTTP/1.1" 200 23534 "https://jellyfin.domain.tld/web/index.html" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:18:38 +0100] "GET /web/main.jellyfin.bundle.js?d5f64bca077b6d6aaf33 HTTP/1.1" 200 453748 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"
fd11:f0d8:a7bb:135d:4c61:2421:7249:115d - - [22/Mar/2024:22:18:38 +0100] "GET /web/config.json HTTP/1.1" 200 417 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"
....

(2024-03-22, 08:51 PM)TheDreadPirate Wrote: Did your cert recently update?

The certificate is still valid for 3 months.

Code:
Server Key and Certificate #1
Subject *.domain.tld
Fingerprint SHA256: 3cf4023913ae9df46cb0e3a21a3fa93635046f2ecb0a65200ca24d7558b3aaaf
Pin SHA256: EvvP2Ko2oL8jYeE9TCo8QruJXxgSy3FC6a2BPNVeqzI=
Common names *.domain.tld
Alternative names *.domain.tld domain.tld
Serial Number 00f2e77f9bbde5b429f2059c709cc0a5ce
Valid from Tue, 06 Jun 2023 00:00:00 UTC
Valid until Sat, 06 Jul 2024 23:59:59 UTC (expires in 3 months and 14 days)
Key RSA 4096 bits (e 65537)
Weak key (Debian) No
Issuer Sectigo RSA Domain Validation Secure Server CA
AIA: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information OCSP
OCSP: http://ocsp.sectigo.com
Revocation status Good (not revoked)
DNS CAA Yes
policy host: domain.tld
issuewild: sectigo.com flags:0
issue: sectigo.com flags:0
Trusted Yes
Mozilla  Apple  Android  Java  Windows


Additional Certificates (if supplied)
Certificates provided 2 (3402 bytes)
Chain issues None
#2
Subject Sectigo RSA Domain Validation Secure Server CA
Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=
Valid until Tue, 31 Dec 2030 23:59:59 UTC (expires in 6 years and 9 months)
Key RSA 2048 bits (e 65537)
Issuer USERTrust RSA Certification Authority
Signature algorithm SHA384withRSA
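
An added example, not part of the original posts: a small parser for Apache combined-format access-log lines like the ones quoted above, grouping requests by client component so the app's native probe, its WebView and a regular browser can be compared by address family, path and status. The component labels and the shortened sample lines are this example's own; the addresses, paths and status codes are taken from the post.

```python
import ipaddress
import re
from collections import defaultdict

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify_agent(agent):
    """Label the client component (labels are this example's own)."""
    if agent == "Ktor client":
        return "app-native"    # agent on the /System/Info/Public requests in the post
    if "; wv)" in agent:
        return "app-webview"   # Android System WebView adds the "wv" token
    return "browser"

def address_family(host):
    """Return 'IPv4'/'IPv6', or 'hostname' when Apache logged a resolved name."""
    try:
        return f"IPv{ipaddress.ip_address(host).version}"
    except ValueError:
        return "hostname"

def summarize(lines):
    """Per component: the address families seen and the (path, status) pairs."""
    summary = defaultdict(lambda: {"families": set(), "requests": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        entry = summary[classify_agent(m["agent"])]
        entry["families"].add(address_family(m["host"]))
        entry["requests"].add((m["path"], int(m["status"])))
    return dict(summary)

# Constructed sample: one line per client from the post, user agents shortened.
V6 = "fd11:f0d8:a7bb:135d:4c61:2421:7249:115d"
SAMPLE = [
    '192.168.22.213 - - [22/Mar/2024:22:15:40 +0100] "GET /System/Info/Public HTTP/1.1" 200 219 "-" "Ktor client"',
    f'{V6} - - [22/Mar/2024:22:15:43 +0100] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Linux; Android 14; SM-F731B; wv) AppleWebKit/537.36"',
    f'{V6} - - [22/Mar/2024:22:18:38 +0100] "GET /web/index.html HTTP/1.1" 200 1994 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36"',
]

if __name__ == "__main__":
    for component, info in summarize(SAMPLE).items():
        print(component, sorted(info["families"]), sorted(info["requests"]))
```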



RE: Android App not connecting anymore - TheDreadPirate - 2024-03-22

I edited your post to remove your actual domain.

Can you share your apache config via sourcebin? Replace your domain with something like "domain.tld"


RE: Android App not connecting anymore - holger_kuehn - 2024-03-23

Have done some tests with an older Apache version from December, it's the same, only the Android App does not connect.
I'm a bit out of ideas, what might have changed?

The reverse-proxy httpd-ssl.conf is this, SSLCipherSuite, SSLHonorCipherOrder, SSLProtocol are outside of virtual host, as these are valid for all hosts:
https://srcb.in/4WXeYPjoJf

The httpd.conf is here:
https://srcb.in/2gy1cWFt23

The other config files are the Apache original ones.


RE: Android App not connecting anymore - TheDreadPirate - 2024-03-23

Ah. I finally remembered. Make sure at least one of the certs in your config is a "fullchain" file.


RE: Android App not connecting anymore - holger_kuehn - 2024-03-23

(2024-03-23, 03:47 PM)TheDreadPirate Wrote: Make sure at least one of the certs in your config is a "fullchain" file.

I've changed the certs to a full chain file and changed the config to this:
Code:
    SSLEngine on
    #SSLCertificateFile "${SRVROOT}/conf/ssl.crt/server.crt"
    SSLCertificateFile "${SRVROOT}/conf/ssl.fullchain/fullchain.pem"
    SSLCertificateKeyFile "${SRVROOT}/conf/ssl.key/server.key"
    #SSLCACertificateFile "${SRVROOT}/conf/ssl.crt/ca-bundle.crt"
    #SSLCertificateChainFile "${SRVROOT}/conf/ssl.fullchain/fullchain.pem"

SSLLabs state this as valid, but the Android app still refuses to connect.
I had to remove the crt file, as including this resulted in a cert chain error (wrong order, too many certs).


RE: Android App not connecting anymore - TheDreadPirate - 2024-03-23

Sorry to ask the obvious, but did you restart apache? Are you able to check Android's cert store to verify that it trusts all certs in the chain?


RE: Android App not connecting anymore - holger_kuehn - 2024-03-23

(2024-03-23, 06:13 PM)TheDreadPirate Wrote: Sorry to ask the obvious, but did you restart apache?

Yes, and I get to see them on https://www.ssllabs.com/ssltest/ as sent by the server.

Code:
1 Sent by server *.domain.tld
Fingerprint SHA256: 3cf4023913ae9df46cb0e3a21a3fa93635046f2ecb0a65200ca24d7558b3aaaf
Pin SHA256: EvvP2Ko2oL8jYeE9TCo8QruJXxgSy3FC6a2BPNVeqzI=
RSA 4096 bits (e 65537) / SHA256withRSA
2 Sent by server Sectigo RSA Domain Validation Secure Server CA
Fingerprint SHA256: 7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676
Pin SHA256: 4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=
RSA 2048 bits (e 65537) / SHA384withRSA
3 Sent by server USERTrust RSA Certification Authority
Fingerprint SHA256: 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b
Pin SHA256: x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=
RSA 4096 bits (e 65537) / SHA384withRSA
4 In trust store AAA Certificate Services  Self-signed
Fingerprint SHA256: d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4
Pin SHA256: vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM=
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate


(2024-03-23, 06:13 PM)TheDreadPirate Wrote: Are you able to check Android's cert store to verify that it trusts all certs in the chain?

Can you point me to a guide on how to do that? On any web browser, I see them as valid. Just found some programming pages on how to validate certs on Android ...




As a side note, I just tested the findroid app from the very same phone, worked as expected and connected without trouble.


RE: Android App not connecting anymore - TheDreadPirate - 2024-03-23

Clear the app cache for the official app? I don't see a mention of that in your prior posts. I'm running out of ideas.