Custom Xamarin apps: Guidance following CA Change

Problem statement

Android implementation suddenly stopped working with a response of Status Code 0.


  • Custom implementation for a Xamarin app (not using our Xamarin SDK) AND
  • pinning old expired certificates OR
  • using a platform with an outdated certificate manager that is not accepting the new CA OR
  • using an old version of OpenSSL (< 1.1.0 could have this issue).


Cloudflare CA switched from Digicert to LetsEncrypt


The easiest solution here is using AndroidClientHandler. This should use Android’s SSL library with Xamarin, which supports the LetsEncrypt cert with the new root up to Android 4.1.

Project-wide configuration

The recommended way is to set the AndroidClientHandler globally:

Programmatic configuration

If you wish to set this programmatically, you need to ensure to set the SDK’s Backchannel to new


var options = new Auth0ClientOptions() { 
BackchannelHandler = new Xamarin.Android.Net.AndroidClientHandler() 
var client = new Auth0Client(options);

Regardless of approach, we encourage reading through HttpClient Stack and SSL/TLS Implementation Selector for Android - Xamarin as it contains useful information about TLS 1.2 on Android when using Xamarin:

HttpClient Stack and SSL/TLS Implementation Selector for Android - Xamarin | Microsoft Learn.