Immich, 17mo ago
CivBase

Server is not reachable, Android, Invalid SSL Certificate

I just set up Immich on my Ubuntu 20 server using docker compose. It is accessible through an nginx reverse proxy via https://immich.mydomain.com (not the actual domain). Immich and the database are hosted on my server, but UPLOAD_LOCATION points to an existing directory in a SMB network share (mounted via CIFS 3.0 in fstab).

I can access Immich via the web interface, but when I try to connect via the Android app (https://immich.mydomain.com/api) it says "Server is not reachable". The logs say "Invalid SSL certificate for immich.mydomain.com:443". I had to update my TLS certificate to add the immich.mydomain.com domain, but it started working in the browser after that. I can see the updated certificate in my browser with the new domain. Maybe Android is just caching the old certificate?

2024-08-25 09:04:27.603957 | SEVERE   | ApiService           | Error while checking server availability | HandshakeException: Handshake error in client (OS Error: 
    CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:393)) |
#0      _SecureFilterImpl._handshake (dart:io-patch/secure_socket_patch.dart:99)
#1      _SecureFilterImpl.handshake (dart:io-patch/secure_socket_patch.dart:143)
#2      _RawSecureSocket._secureHandshake (dart:io/secure_socket.dart:920)
#3      _RawSecureSocket._tryFilter (dart:io/secure_socket.dart:1049)
<asynchronous suspension>

2024-08-25 09:04:27.603553 | SEVERE   | HttpSSLCertOverride  | Invalid SSL certificate for immich.mydomain.com:443 |


curl also complains about the certificate. But I can at least get a response if I disable certificate validation.

$ curl "https://immich.mydomain.com"
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$ curl "https://immich.mydomain.com/api/server-info/ping" --insecure
{"res":"pong"}


On top of that, the web interface gives an error when I try to upload any images and it does not display any of the pictures already in the UPLOAD_LOCATION directory. The upload error doesn't give me any information and I'm not sure where to find relevant logs.

The UPLOAD_LOCATION directory has 777 permissions and is owned by the users group.
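
Added example, not part of the original post: `unable to get local issuer certificate` means the client could not build a path from the served certificate to a trusted root, and one common cause is a server that presents only the leaf certificate (browsers can hide this by caching or fetching the intermediate, while curl and the mobile app do not). The script below reproduces that with a throwaway root, intermediate and leaf and compares a leaf-only file with a full-chain file. The names `demo-*` and `immich.example.test` and the helpers `make_chain` and `check_served` are constructed for illustration.

```shell
#!/bin/sh
# Added example. All keys and certificates are throwaway, generated locally.

# Build root -> intermediate -> leaf in directory $1.
make_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.cnf"
  printf 'subjectAltName=DNS:immich.example.test\n' > "$d/leaf.cnf"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.cnf" -days 2 -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.cnf" -days 2 -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -extfile "$d/leaf.cnf" -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
  # What the server should present: leaf first, then the intermediate.
  cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# $1 = trusted root, $2 = PEM file the server presents (leaf first).
# Only certificates inside $2 may serve as intermediates, which models a
# client that has no cached intermediates (curl, the mobile app).
check_served() {
  if out=$(openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1); then
    echo "OK"
  else
    echo "$out" | grep 'depth lookup' | head -n 1
    return 1
  fi
}

work=$(mktemp -d) && make_chain "$work" && {
  echo "leaf only : $(check_served "$work/root.pem" "$work/leaf.pem")"
  echo "full chain: $(check_served "$work/root.pem" "$work/fullchain.pem")"
}
rm -rf "$work"
```

To see which certificates a live server actually sends, `openssl s_client -connect host:443 -showcerts` lists them; with nginx, the file named by `ssl_certificate` is expected to hold the leaf followed by its intermediates.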