3.29.0 doesnt connect and spams with "No client certificate found" dialog

[mlilien]

⚠️ Before posting ⚠️

• [X] This is a bug, not a question or an enhancement.
• [X] I've searched for similar issues and didn't find a duplicate.
• [X] I've written a clear and descriptive title for this issue, not just "Bug" or "Crash".
• [X] I agree to follow Nextcloud's Code of Conduct.

Steps to reproduce

connect to server via android app 3.29.0

Expected behaviour

• be able to connect to server
• client certificate handling should be imho optional
• documentation how to handle client certificate e.g. if using LetsEncrypt for nextcloud server is preferable

Actual behaviour

I can not connect and get a "No client certificate found" which i can cancel, but then the dialog appears again

Android version

14

Device brand and model

google pixel 7a

Stock or custom OS?

Stock

Nextcloud android app version

3.29.0

Nextcloud server version

27.1.4

Using a reverse proxy?

Yes

Android logs

No response

Server error logs

No response

Additional information

reverse proxy is traefik

[ne20002]

I have this nagging on current iOS client after I added optional mTLS on my reverse proxy.

[Haugi88]

I have the same issue. Only Problem to connect is the App. I have unraid, NGINX reverse and cloudflare.

[chomama05]

I have the same issue. Browser access works, but android app keeps telling me 'No client certificate was found Do you want to install a TLS client certificate'

[ne20002]

I got the update from F-Droid. I must say, version 3.29.0 is requiring a client certificate even though it is configured optional on the server.

This is the nginx config:

    ssl_client_certificate  /etc/nginx/client_certs/clientCertsCA-chain.pem;
    ssl_verify_client       optional_no_ca;
    ssl_verify_depth        1;

It works with Firefox (with or w/o certificate, it asks only once). It works with Nextcloud Android app 3.29.0 if a user certificate has been installed on the device. It offers to choose one and uses it.

But if there is no certificate on the device, it always reopens the popup asking to install a certificate, even though I choose Cancel all the time. This prevents the app from opening. For a mtls certificate being optional this is not ok.

The iOS app is not much better. It pops up all the time saying the certificate of the server has changed (it does not) and ask if the certificate is trusted. When selecting yes the app is usable until it pops up again.

As long as these problems exist using client certificates is simply not possible. :(

[localguru]

Same as @ne20002 The App ignores all optional ssl_verify_client settings, but turning ssl_verify_client off.

[Niceclear]

Hello,

I had the same issue.

To solve it, I just removed the host from "Client Certificates" on cloudflare.

[ne20002]

To solve it, I just removed the host from "Client Certificates" on cloudflare.

With what you disabled check of client certificates all together? So just set support for client certificates to off on your host? This is not solving the problem. ;)

[Niceclear]

With what you disabled check of client certificates all together? So just set support for client certificates to off on your host? This is not solving the problem. ;)

Maybe we don't have the same problem.

My problem was the following error "No client certificate found" like the author.

I checked my cloudflare configuration, and saw that the "Client certificates" option was enabled (an error on my part in the past). I just disabled it and I didn't get the error on the app anymore.

From what I understand, you want to enabled it. But me I don't want.

[gabrix73]

Same issue here, ok from desktop pc, client certificate "mandatory" for successful authentication in Android 14 . Nextcloud server tls from my vps is configured with letsencrypt certificates.

[jlnau]

The mobile app stopped working on Android 14 - 'No client certificate was found'. I tested with fresh Nextcloud server installs on Truenas and Linux, with the same result.

[macdaddybighorn]

Same issue here, using nextcloud through cloudflare zero trust tunnel. Pixel 7 (Android 14). Stopped working in 3.29.0 so I've been using 3.28.02 since. Just tested 3.29.2 and still broken, just following the open issue here. As a user I'm thankful for those smart enough to contribute!

[sapstar]

I have the same issue. When on my local network and using traefik as reverse proxy, mobile app v3.29.2 works fine. But when connecting over internet, I am using cloudflare tunnel, routing through the traefik reverse proxy in my local network. This only works with 3.28.2.

[sapstar]

Hello,

I had the same issue.

To solve it, I just removed the host from "Client Certificates" on cloudflare.

Thanks for the solution. This resolved it for me.