Android CertPathValidatorException:找不到证书路径的信任锚点

我向OKHTTPClient添加了HTTPPinning，示例代码为：

OkHttpClient client = new OkHttpClient();
client.setSslSocketFactory(getPinnedCertSslSocketFactory(context));


private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream incontext.getResources().openRawResource(R.raw.prod_keystore);
        trusted.load(in, "venkat@123".toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        Log.e("MyApp", e.getMessage(), e);
    }
    return null;
}

我将该应用程序上传到playstore，从过去1年开始，它运行良好。但从最后一周开始，它给出了以下问题，我使用了com.squareup.OkHttp:OkHttp:2.7.4版的OkHttp

OkHttpClient client = new OkHttpClient();
client.setSslSocketFactory(getPinnedCertSslSocketFactory(context));


private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream incontext.getResources().openRawResource(R.raw.prod_keystore);
        trusted.load(in, "venkat@123".toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        Log.e("MyApp", e.getMessage(), e);
    }
    return null;
}

java.security.cert.CertPathValidatorException: Trust anchor for 
          certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
                  at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
                  at com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
                  at com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
                  at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
                  at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
                  at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
                  at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
                  at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
                  at com.squareup.okhttp.Call.getResponse(Call.java:286)
                  at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
                  at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:205)
                  at com.squareup.okhttp.Call.execute(Call.java:80)
                  at com.venkat.good.http.MyHTTPThread.run(MyHTTPThread.java:492)
                  at com.venkat.good.http.MyHTTPThread.run(MyHTTPThread.java:76)
                  at java.lang.Thread.run(Thread.java:818)

通过使用OKHTTP3，我解决了这个问题

OkHttpClient client = new OkHttpClient();
client.setSslSocketFactory(getPinnedCertSslSocketFactory(context));


private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream incontext.getResources().openRawResource(R.raw.prod_keystore);
        trusted.load(in, "venkat@123".toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        Log.e("MyApp", e.getMessage(), e);
    }
    return null;
}

String hostname = "yourdomain.com";
  CertificatePinner certificatePinner = new CertificatePinner.Builder()
 .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
 .build();
   OkHttpClient client = OkHttpClient.Builder()
 .certificatePinner(certificatePinner)
 .build();

  Request request = new Request.Builder()
 .url("https://" + hostname)
 .build();
 client.newCall(request).execute();

但我想知道为什么以前的OkHttp2版本会工作几天，之后会出现问题？

OkHttpClient client = new OkHttpClient();
client.setSslSocketFactory(getPinnedCertSslSocketFactory(context));


private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream incontext.getResources().openRawResource(R.raw.prod_keystore);
        trusted.load(in, "venkat@123".toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        Log.e("MyApp", e.getMessage(), e);
    }
    return null;
}

---

服务器端是否有更改或证书过期的可能？我在创建BKS文件时没有指定任何日期，服务器端人员也没有更改任何内容。