Due to deadlines I have not had the opportunity to evaluate an OpenSSL upgrade.
Please see OpenSSl 1.1.0 Changes for more information on what might go wrong with upgrading OpenSSL.
After digging into Ubuntu 16.04 which is the basis for KoBo deployment containers with OpenSSL 1.0.2g, the certificates problem was supposedly resolved by OpenSSL version 1.0.2g-1ubuntu4.20.
According to Amazon Web Services, Ubuntu 16.04 was modified through an OpenSSL package update to handle the Let’s Encrypt certificate expiration. This suggests the problem does not lie in services dependent upon Ubuntu 16.04.
I don’t know enough about how an Enketo form request flows through KoBo to isolate where the form request breaks. I’ve poked around logs here and there but didn’t manage to spot anything obvious. My hunch is that the request breaks at a service that is not Ubuntu 16.04 related.
My KoBo deployment, except for Enketo, worked before and after the Let’s Encrypt change. So I think there’s something in Enketo, probably unrelated to Ubuntu 16.04 and OpenSSL 1.0.2g-1ubuntu4.20, that is broken. What that something is is the question.