Official Ubuntu Documentation wiki pages Inaccessible from Android

PS - All such pages finally fail to load.... making them completely INACCESSIBLE from an Android browser.

PPS - Same problem on ALL URLs beginning with https://wiki.ubuntu.com/

Here is the Ubuntu Forums thread discussing the problem: http://ubuntuforums.org/showthread.php?t=1456655

Tried in xScope browser with user agent strings for Android, iPhone, "desktop," and iPad. All do not work. Page fails to load. This happens for both https://wiki.ubuntu.com and https://help.ubuntu.com

I attached an upstream bug report for Android - there were a number of reports listed about failure to connect to secure sites, but that was most directly related.

Also see bug 373987 - if we fix that, then this problem goes away.

I've stumbled on this problem myself, and I might have a clue as to what the problem is. The certificate chain sent by help.ubuntu.com:443 is in the wrong order:

$ openssl s_client -CApath /etc/ssl/certs/ -connect help.ubuntu.com:443
CONNECTED(00000003)
depth=2 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/O=*.ubuntu.com/OU=Domain Control Validated/CN=*.ubuntu.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
 1 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://<email address hidden>
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
---

The last two certificates are in the wrong order. Certificate 0 has certificate 2 as issuer, but "Each following certificate MUST directly certify the one preceding it" (RFC 5246).

Another problem with the certificate that very pedantic X.509 implementations will find is that the certificate for *.ubuntu.com uses a PrintableString to represent the string "*.ubuntu.com", but the PrintableString alphabet does not include the character "*". This can be checked by converting the certificate to DER format and running dumpasn1:

 338 3: OBJECT IDENTIFIER commonName (2 5 4 3)
 343 12: PrintableString '*.ubuntu.com'
         : Error: PrintableString contains illegal character(s).

I've reported the issue to the Ubuntu Sysadmins to look into this.

The Canonical Sysadmins have confirmed that this is now working. Please comment here if that is not the case.