TLS/SSLHandshakeException – CertPathValidatorException: Trust Anchor Not Found

Hi all,

I’m working on an Ionic + Capacitor (v5) app targeting Android 13, and I’m encountering this error when making HTTPS requests:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found

The request works fine in Chrome and on iOS, so it’s clearly not a server issue. I’ve already checked:

• The certificate chain is valid and uses Let’s Encrypt
• The Android network_security_config is present and points to the right domains
• App has internet permissions

Is this a Capacitor-specific limitation, or do I need to configure cleartext vs HTTPS rules in a new way for Android 12+ or targetSdkVersion 33?

Any help would be appreciated — especially if someone’s resolved this without needing a custom WebView or native code changes.

Thanks!
jhonnmick

How are you making HTTP requests? With CapacitorHttp or JS (fetch, XMLHttpRequest, etc.)?

What Android device are you having this issue on? Is it an emulator or physical device?

Does it work on the Android device in Chrome?

I bet your Android device is old and doesn’t include the Let’s Encrypt root certificate. Take a look at Certificate Compatibility - Let's Encrypt.

I’d also check your server SSL configuration with a SSL checker like SSL Server Test (Powered by Qualys SSL Labs).

Thanks a lot for the help — your response pointed me in the right direction! It turns out the issue was related to an outdated certificate chain. I updated the server to include the full chain with the ISRG Root X1 certificate, and now the HTTPS requests are working fine on Android 13. Problem resolved!