help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FYI: LetsEncrypt certificates do not appear to be trusted

ANSWERED

‎09-01-2016 10:20

‎09-01-2016 10:20

This appears to be the same problem reported about StartSSL certificates before.

 

I just got emailed by the the Fitbit API advising my subscriber endpoints have been disabled as they are failing to respond correctly. The error listed is 'SSLException'. I've done some further checking and used Runscope to test the end points and they do appear to be working correctly and piping the subscritption traffic through Runscope works as expected.

 

My only thought, because of the timing of when these SSLException errors started, is the Fitbit API servers do not currently see LetsEncrypt certificates as being valid.

Ionic & Aria, Blaze (retired), Alta (retired), Surge (retired), Charge HR (retired), One (retired), Classic (retired) | Microsoft Surface | Google Pixel 2XL Android FitBit App
Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎09-06-2016 13:49

In response to JeremiahFitbit

‎09-06-2016 13:49

Turns out, Fitbit already supports the Let's Encrypt CA. The issue is that Fitbit does not support the SNI extension to TLS. You need to run your certificate on a dedicated IP or make the hostname of your subscriber the default hostname on the server.

View best answer in original post

Best Answer
6 REPLIES 6

‎09-01-2016 16:04

‎09-01-2016 16:04

Can you please contact private support with your client id and your subscriber URL for us to investigate?

Best Answer
0 Votes

‎09-05-2016 13:00

‎09-05-2016 13:00

Thank you for the report. We are updating our certificate authority list to include Let's Encrypt certificates. This should be fixed within a few days.

Best Answer
0 Votes

‎09-06-2016 13:49

In response to JeremiahFitbit

‎09-06-2016 13:49

Turns out, Fitbit already supports the Let's Encrypt CA. The issue is that Fitbit does not support the SNI extension to TLS. You need to run your certificate on a dedicated IP or make the hostname of your subscriber the default hostname on the server.

Best Answer

‎09-10-2016 04:08

In response to JeremiahFitbit

‎09-10-2016 04:08

Thanks Jeremiah, sadly with my server setup I can disable the SNI extension or change the default hostname but knowing the problems meant I've setup a seperate non SSL domain to accept subscription alerts

 

Thank again - much appreciated as always

Ionic & Aria, Blaze (retired), Alta (retired), Surge (retired), Charge HR (retired), One (retired), Classic (retired) | Microsoft Surface | Google Pixel 2XL Android FitBit App
Best Answer
0 Votes

‎10-13-2016 11:07

‎10-13-2016 11:07

 am getting multiple ( hundreds) of messages saying that the certificate used by your servers have been marked as untrustworthy and the connection is not safe.

 

please get this sorte as its very alarming

@stuartma wrote:

This appears to be the same problem reported about StartSSL certificates before.

 

I just got emailed by the the Fitbit API advising my subscriber endpoints have been disabled as they are failing to respond correctly. The error listed is 'SSLException'. I've done some further checking and used Runscope to test the end points and they do appear to be working correctly and piping the subscritption traffic through Runscope works as expected.

 

My only thought, because of the timing of when these SSLException errors started, is the Fitbit API servers do not currently see LetsEncrypt certificates as being valid.

 

Best Answer
0 Votes

‎10-13-2016 11:09

In response to cynthia1

‎10-13-2016 11:09

@cynthia1: Where are you seeing these messages?

Best Answer
0 Votes