Expo Push Notification returns an SSL error

  1. SDK Version: 35
  2. Platforms: Android/iOS

so recently all of our users haven’t been receiving any notifications, and we were checking if the tokens are being generated or not? and it turns out that Notifications.getExpoPushTokenAsync() has been throwing this error recently

[Unhandled promise rejection: Error: An SSL error has occurred and a secure connection to the server cannot be made.]
- node_modules/react-native/Libraries/BatchedBridge/NativeModules.js:155:41 in createErrorFromErrorData
- node_modules/react-native/Libraries/BatchedBridge/NativeModules.js:104:55 in <unknown>
- ... 5 more stack frames from framework internals

is there a way to fix this?

1 Like

We also believe it has to do with a DNS/IP issue like what we faced before from a week or two ago. Using a VPN fixes the error. Also none of our team members have been able to login to expo using ‘expo login’ from the terminal. It just returns ‘read ECONNRESET’ immediately and we can’t use ‘expo publish/build/upload’ but if we use VPN we can login fine.

Is it possible there’s a transparent proxy between you and the Expo servers that is interfering?

No we don’t think we are. We tried with different ISPs and WIFI connections on different devices and the results are still the same. We also noticed that if do use a VPN to publish an OTA update, users won’t receive the OTA update unless they are also connected to a VPN.

This whole issue was prevalent a couple of weeks ago and we submitted an issue about it here. None of the suggestions were working until one day everything just started working as usual with no VPN connections and now the issue came back again. We are currently located in Kuwait and most of our users are in the GCC countries if that helps any.

Hi

The only other suggestion I have is to use a packet sniffer (e.g. Wireshark) to capture the traffic between the app and the server(s) to see what SSL certs are being used etc. Do this with and without the VPN and compare them. The SSL certificates should be identical in both cases. Same Subject, Subject Alternative Name, Issuer, dates, etc. A transparent proxy that’s intercepting the traffic would generate the cert on the fly with matching Subject etc., but would not be able to spoof the Issuer. (Unless they had managed to pay off or otherwise compromise the certificate authority.)

If the certs are identical when using a VPN vs. when not using a VPN then at least we’ve eliminated that possibility. I’m not sure what to investigate next, but maybe the packet sniffer will give you other clues.

A Push Notification Certificate is necessary in order to send push notifications to attendees via your app.

so it’s working again… honestly we have no idea why this keeps happening.

@cain3n we already know it has nothing to do with the certs
@wodin thank you for the advice, we were planning that but it was taking time cause we don’t have much knowledge on packet sniffing and we’re just kinda not sure what to do