lneugebauer / nextcloud-cookbook

Android client for Nextcloud Cookbook app.
https://lneugebauer.github.io/nextcloud-cookbook/
MIT License
54 stars 9 forks source link

Can't connect to my NC instance - Certificate error #54

Closed MattRGX closed 2 months ago

MattRGX commented 1 year ago

Describe the bug

I try to connect the cookbook app (f-droid) to my NC instance where i have few recipes in my cookbook. I have https enabled on my instance. When trying to connect the app, it doesn't log in and instead i have a red error message saying certificate error.

To Reproduce Steps to reproduce the behavior:

  1. Enable https on your instance
  2. Try to connect through the cookbook app.
  3. See error

Expected behavior

When trying to log in, the app should ask to validate the certificate and then login. It works like that for the nextcloud app, the money buster app, the Deck app, ...

Additional context

NC instance is self-hosted and not open to the internet.

lneugebauer commented 1 year ago

Hi @MattRGX, please try to install the certificate on your phone in order to access your Nextcloud. https://support.google.com/pixelphone/answer/2844832?hl=en

MattRGX commented 1 year ago

Hello @lneugebauer, i took the .crt file from my etc/apache2 folder and copied it to my phone. Then i install it via the CA certificate option. Now i don't have the certificate error anymore but still can't login. I got an error that says : Hostname 192.168.1.2 not verified : certificate sha256/ blablablabla....

thanks again for your help

lneugebauer commented 1 year ago

@MattRGX if I understand correctly you get an error similar to this:

Screenshot_20231022_154656

To me this looks like your certificate wasn't issued for that specific domain/ip. You may need to create a new certificate for that specific domain or ip.

I'll see if I can improve the behaviour to connect with self-signed certs. This will take some time though.

MattRGX commented 1 year ago

Yeah it is exactly that error message. i will see to create a new certificate, otherwise i'll wait for an update of the app to connect with self-signed certs.

Thanks for your answer :)

MattRGX commented 1 year ago

So finally i managed to remove my SSL settings (my NC instance is self-hosted at home and not open to the WAN).

But still can't connect. The login gives me an error regarding the URL that must start with HTTPS.

Is this normal that i can't login from my self-hosted instance ?

Thanks for your answer

lneugebauer commented 1 year ago

Hi @MattRGX, in order to connect to your Nextcloud instance, it needs to be accessible via https and the certificate needs to be trusted by your device. This means that you certainly can access your self-hosted Nextcloud on your home network. As mentioned above, I'll be working on improving the workflow for connecting with self-signed certificates in the future. I'll let you know as soon as I'll start working on it.

MattRGX commented 1 year ago

Hi @lneugebauer ! Thanks for your answer. My NC instance is not (and won't be) accessible via https because i don't need https. My instance is self-hosted at home on a server that is not open to the wan. Thanks anyway for the project :)

f1o1f commented 11 months ago

Hi @MattRGX, in order to connect to your Nextcloud instance, it needs to be accessible via https and the certificate needs to be trusted by your device. This means that you certainly can access your self-hosted Nextcloud on your home network. As mentioned above, I'll be working on improving the workflow for connecting with self-signed certificates in the future. I'll let you know as soon as I'll start working on it.

would it be possible for the cookbook app to connect via the Nextcloud app? Like the News app does for example? This would make it way easier. Also, maybe the error message for the missing certificate could be clearer. If I hadn't read this thread, I would have no idea what to do, since most other apps work out of the box

EDIT: just caught your own enhancement request for this... sorry for the duplicate :)

lneugebauer commented 2 months ago

I'll close this issue as it is possible to use self signed certificates. I've also enabled unsafe http traffic (see #58) which will be shipped with the next release.