makeWebRequest to https leads to 404 because of SSL handshake problem

My web request works flawlessly in the simulator as long as 'Use Device HTTPS Requirements' is deactivated.
When this simulator setting is activated I get response code 404 instead of 200.
In the HTTP Traffic log I can see that in the latter case the SSL handshake seems to be unsuccessful.

My question:

Where can I get these 'Device HTTPS Requirements' from?
Or how does my server have to be configured to make successful handshakes with the device?

Obviously the problem has something to do with the HTTPS implementation of my server (certificate, TLS version,...), where I want to post the data to.
Tests with posts to another server 'https://ptsv2.com/' do work.

Can somebody give any advice on how to troubleshoot this issue? Thanks!

    1. Web request when WLAN is connected to your watch: They will go directly to your requested service via the watch's HTTP client. Here Let's Encrypt certificates are NOT supported.

    No wonder I encountered problems when WLAN was connected. It is really terrible!

  • Web request when WLAN is connected to your watch: They will go directly to your requested service via the watch's HTTP client. Here Let's Encrypt certificates are NOT supported.

    I have not experienced this to be the case. In my testing with Edge devices, they have no problems accessing my server using Let's Encrypt certs directly using the built-in WiFi. Since I don't use the sync delegate, I have not been able to force a watch to use only the WiFi connection, but there is no reason to think the HTTPS engine in the watch would behave any differently than the Edge devices.

  • I know this is a little old but I've only just seen this thread. When you say "Let's Encrypt certificates are NOT supported." are you basing this on experienced behaviour or have you explicitly seen this documented somewhere?

    The reason I ask this is that I use Let's Encrypt certificates on my server and in my experience webRequests work perfectly with both the simulator and real devices when connecting over both BLE and WiFi.

  • Can you send me a link to the server where you have a Let's Encrypt SSL certificate that works with CIQ? I'd like to compare its SSL settings (as seen by some online SSL validator) to spot what can be different in my nginx settings.

    Ah, and when you say it works, does it mean it works only from real devices, or also from the simulator when "Use device HTTPS requirements" is CHECKED?

  • Sure, you can check the following.

    https://ciq.sabeard.net/wrw4

    ciqtest.sabeard.net/wrw4

    Both are set up with apache instead of nginx, but I used the default settings in certbot to generate the certificates, and keep them updated.  Both servers are used with makeWebRequest and makeImageRequest and work with devices and the simulator.  I never turn off the "Use device HTTPS requirements" option in the simulator.

  • I tested sending an HTTPS request to the ciqtest site, and it's the same: it doesn't work from the simulator (fr255). Does it really work for you when you send http requests with "Use device HTTPS requirements" checked? If it does work for you then the only other thing I can think of (that would surprise me) is that this is somehow related to my home network / router...

  • Unless you are trying to get a JSON response, I don't think trying to retrieve the page will work. Here is a copy of the simulation HTTP traffic stats trying to hit my APIs I have set up on the ciqtest server with the "Use device HTTPS Requirements" checked.

    I don't really know what your router could be doing to the request. This particular server is hosted in my house, and the DNS and SSL cert are configured for the public interface on my router. So in order to reach this server from my home network, I do have to ensure the router is enabled for hairpin NAT routing. Other than that, everything just works.

  • The problem was the letsencrypt certificate. I created a new free certificate on zerossl.com and it works out of the box. It's less convenient than letsencrypt because I have to enter the website every 90 days, install a new certificate, etc... I hope I'll find the way to configure letsencrypt to work because it has the auto-renew cronjob that is very useful.

  • Is there any chance to get some official word about the HTTPS requirements? A self-signed, less secure certificate seems to work (in the sim at least) while a vendor-signed (letsencrypt) one doesn't. But what are the requirements?

  • Have you tried the one from zerossl on a real device? There you'll also encounter what Android/iOS might add to the mix.