
I have seen several answers to similar errors, but not my specific error. The best example is Remy's answer to UNITYTLS_X509VERIFY_FLAG_NOT_TRUSTED

My error is as follows: TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_NOT_DONE

  • Web API Node.js / MongoDB
  • NGINX with CertBot
  • SSL LetsEncrypt with Chained Certs in fullchain.pem

NGINX default

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privatekey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

As per the Unity docs, I used the CertificateHandler class:

using System.Security.Cryptography.X509Certificates;
using UnityEngine;
using UnityEngine.Networking;

// Pins the server's public key: the request only succeeds if the leaf
// certificate's public key matches the value compiled into the client.
internal class RequestCertificate : CertificateHandler
{
    private static string PUB_KEY = "SOME public key";

    protected override bool ValidateCertificate(byte[] certificateData)
    {
        X509Certificate2 certificate = new X509Certificate2(certificateData);
        string pk = certificate.GetPublicKeyString();
        if (pk.Equals(PUB_KEY))
        {
            Debug.Log("Validate Certificate");
            return true;
        }
        else
        {
            Debug.Log("Not Validate Certificate");
            return false;
        }
    }
}

My Register Method

protected IEnumerator Register()
{
    List<IMultipartFormSection> wwwForm = new List<IMultipartFormSection>();
    wwwForm.Add(new MultipartFormDataSection("name", uName.text));
    wwwForm.Add(new MultipartFormDataSection("email", uEmail.text));
    wwwForm.Add(new MultipartFormDataSection("screenName", uScreenName.text));
    wwwForm.Add(new MultipartFormDataSection("password", uConPass.text));

    UnityWebRequest www = UnityWebRequest.Post(EndPointManager.API_URL + "users/store-user", wwwForm);
    www.certificateHandler = new RequestCertificate();
    Debug.Log(www.certificateHandler.GetHashCode());
    yield return www.SendWebRequest();

    if (www.isNetworkError || www.isHttpError)
    {
        Debug.Log(www.error); // OUTPUT: Unable to complete SSL connection
        debugText.text += $"\n HTTP ERROR: {www.error} \n";
    }
    else
    {
        debugText.text += "Success";
    }
}

1 Answer


This had nothing to do with the certificate authority, or NGINX. I decided to set up a front end form to test this error in Chrome and as soon as I did, the answer hit me in the face. I forgot to set environment variables on the production server and got net::ERR_SSL_PROTOCOL_ERROR. Since Unity returned an error that I wasn't familiar with, I didn't know how to handle it.

I had my app.js file looking for the process.env.NODE_ENV so it could set protocol = 'https' but hadn't set it. As soon as I did, Node.js used https.createServer(app) instead of http.createServer(app) and all is well.