Time Validity issue

Question

Time Validity issue

Closed this issue 3 months ago · 8 comments

So I found an odd issue. I get an error when searching for lyrics that the certificate is not within the validity period. If I try and go to the URL that is provided it gives me the certificate error where I can "Advance" through it. Here is the error that I am getting, it is for every song I have.
error sending request for url (https://lrclib.net/api/search?track_name=<track_name>%28Album+Version%29&artist_name=&album_name=): error trying to connect: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. (os error -2146762495)

Answer 1 · 2024-03-31T17:10:51.000Z

Oops, it seems my cron job for renewing Let's Encrypt certificate is not working, so now the certificate is expired. I'll check it out.

Answer 2 · 2024-03-31T17:34:03.000Z

I've renewed the certificate. The issue was that the certbot-renew.timer timer was inactive by default, so the certificate renewal service certbot-renew.service did not run as expected. I will monitor this closely over the next few days to ensure it runs as intended. Thank you for notifying me of this issue!

Answer 3 · 2024-03-31T17:50:30.000Z

Is there anything I need to do on my end?
Re-download something?

Answer 4 · 2024-03-31T18:13:28.000Z

Is there anything I need to do on my end? Re-download something?

Nevermind :) I just had to try it again. I was on my phone when I messaged before.

Thank you for the quick turn around!

Answer 5 · 2024-04-01T00:54:29.000Z

Hi, LRCLIB website and APIs are blocked for old androids probably <7.1.1 devices from yesterday, (after certificate renewal). I think it's related to this issue so that I'm writing here.

The website shows NET::ERR_CERT_AUTHORITY_INVALID. I can skip that warning to load the website.

But API requests are throwing IO Exception during network request: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Answer 6 · 2024-04-02T07:01:15.000Z

@abhishekabhi789 Looks like it is related to this:

https://letsencrypt.org/2023/07/10/cross-sign-expiration

In short, Let's Encrypt support for older Android devices (<7.1.1) will eventually end later this year (September 2024). It seems they've stopped providing DST Root CA X3 by default (since February 2024).

Answer 7 · 2024-04-02T11:17:23.000Z

@abhishekabhi789 I've just renewed the cert again with certbot renew --preferred-chain "DST Root CA X3" --force-renewal. Could you check it if it works again for Android <7.1.1?

Answer 8 · 2024-04-02T15:55:18.000Z

Yes the problem seems fixed. I can access the website & API from android 6 device. Thanks for the patch.