09-01-2016 10:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

09-01-2016 10:20
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
This appears to be the same problem reported about StartSSL certificates before.
I just got emailed by the the Fitbit API advising my subscriber endpoints have been disabled as they are failing to respond correctly. The error listed is 'SSLException'. I've done some further checking and used Runscope to test the end points and they do appear to be working correctly and piping the subscritption traffic through Runscope works as expected.
My only thought, because of the timing of when these SSLException errors started, is the Fitbit API servers do not currently see LetsEncrypt certificates as being valid.
Answered! Go to the Best Answer.

- Labels:
-
Subscriptions API
Accepted Solutions
09-06-2016 13:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



09-06-2016 13:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
Turns out, Fitbit already supports the Let's Encrypt CA. The issue is that Fitbit does not support the SNI extension to TLS. You need to run your certificate on a dedicated IP or make the hostname of your subscriber the default hostname on the server.
09-01-2016 16:04
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



09-01-2016 16:04
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Can you please contact private support with your client id and your subscriber URL for us to investigate?

09-05-2016 13:00
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



09-05-2016 13:00
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Thank you for the report. We are updating our certificate authority list to include Let's Encrypt certificates. This should be fixed within a few days.

09-06-2016 13:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



09-06-2016 13:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
Turns out, Fitbit already supports the Let's Encrypt CA. The issue is that Fitbit does not support the SNI extension to TLS. You need to run your certificate on a dedicated IP or make the hostname of your subscriber the default hostname on the server.
09-10-2016 04:08
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

09-10-2016 04:08
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Thanks Jeremiah, sadly with my server setup I can disable the SNI extension or change the default hostname but knowing the problems meant I've setup a seperate non SSL domain to accept subscription alerts
Thank again - much appreciated as always

10-13-2016 11:07
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

10-13-2016 11:07
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
am getting multiple ( hundreds) of messages saying that the certificate used by your servers have been marked as untrustworthy and the connection is not safe.
please get this sorte as its very alarming
@stuartma wrote:This appears to be the same problem reported about StartSSL certificates before.
I just got emailed by the the Fitbit API advising my subscriber endpoints have been disabled as they are failing to respond correctly. The error listed is 'SSLException'. I've done some further checking and used Runscope to test the end points and they do appear to be working correctly and piping the subscritption traffic through Runscope works as expected.
My only thought, because of the timing of when these SSLException errors started, is the Fitbit API servers do not currently see LetsEncrypt certificates as being valid.

10-13-2016 11:09
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



10-13-2016 11:09
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@cynthia1: Where are you seeing these messages?

