2024-09-26, 02:23 PM
(This post was last modified: 2024-09-26, 02:24 PM by TheDreadPirate. Edited 1 time in total.)
I'm wondering if your clients don't trust the one of the CAs from Let's Encrypt. The intermediate CA in my cert is has a validity date starting earlier this year. If your Android TV clients haven't received any OS updates in a while they may not have that CA in their trust store. And this would require that your proxy offers the full chain.
In Nginx (my proxy) it is possible to offer both the chain.pem and the fullchain.pem. Other users with this issue with their ATV clients were able to resolve the problem by configuring their apache or nginx proxy to offer both chains.
What I'm reading seems to indicate that Caddy does not present the chain cert that includes the root, which is also the case for Nginx and Apache, by default. But I'm having trouble finding documentation for configuring Caddy to offer the fullchain.
Code:
Validity
Not Before: Mar 13 00:00:00 2024 GMT
Not After : Mar 12 23:59:59 2027 GMT
Subject: C = US, O = Let's Encrypt, CN = E6In Nginx (my proxy) it is possible to offer both the chain.pem and the fullchain.pem. Other users with this issue with their ATV clients were able to resolve the problem by configuring their apache or nginx proxy to offer both chains.
What I'm reading seems to indicate that Caddy does not present the chain cert that includes the root, which is also the case for Nginx and Apache, by default. But I'm having trouble finding documentation for configuring Caddy to offer the fullchain.
Jellyfin 10.10.3 (Docker)
Ubuntu 24.04 LTS
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04 LTS
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
3x WD Red Pro 6TB CMR in RAIDZ1 (JF Library)