nextcloud ios client app "invalid certificate" bug

[Derridaralalala]

Expected behaviour

iOS App should (a) accept the self-signed certificate, when this is (b) still valid and (c) is added as an accepted exeption certificate during the first set-up of the app.

Actual behaviour

When accessing the iOS app to see/download documents, every two seconds the message appears: "the certificate for this server is invalid" and "Error: unable to download". This happens even if you click on "connect anyway" -> "yes" for several times. It seems to be limited to the iOS version, as desktop client and web-access is working fine. It also worked before nextcloud 17 and/or before an app update. Somebody reported this problem also here.

clear cache and reinstall the app and log-in again from scratch does not help.

Steps to reproduce

install ios app, connect to server (login), try to access a file.

iOS version

13.2.3

App version

2.2.5.1

Server configuration

Operating system: Ubuntu 18.04.3 LTS (GNU/Linux 4.4.0-142-generic)

Web server: Apache/2.4.39

Database: mysql 8.0.18

PHP version: 7.2.18

TLS TLS 1.3

Nextcloud version: (see Nextcloud admin page) 17.0.1.

[Halry]

I encountered this probelm too.Only happens on iOS.Android and Web is fine. I am using self-sign certificate .

[Halry]

Okay,I search for why iOS 13 will fail when using self-sign certificate.It seems iOS needs certificate issued after 1/7/2019 needs to short than 825 days. https://support.apple.com/en-us/HT210176

[sferia82]

any solution? i have certificate created with letsencrypt and have short than 825 days. it was created in first of january 2020. with 2.25.5 of nextcloud doesn't allow access in ios 13

[Halry]

have you trust your self-signed certificate in "settings->genernal->about->certificate trust settings"?you have to enable the trust before ios trust your certificate for real.

[sferia82]

my certificate is not selfsigned. is generated by letsencrypt. Anyway I have the certificate installed and it still doesn't work.

[sferia82]

still here.

[sferia82]

i think its not a problem with certificate because with another app to connect to Webdav of my server works with Iphone. But with nextcloud app not.

[sferia82]

and my server with nextcloud app in android works.

[Halry]

oh,if your certificate is not self-signed,then i have no idea why it would happens.sorry.

[ghost]

My issue is similar. I have a self signed deployment. On first login it prompts to connect to server anyway. Specify yes. Works ok for a couple of hours.

Then suddenly it just doesn’t go away, constantly prompting me that the certificate is invalid and do I want to connect anyway (every 4 seconds roughly) and won’t go away.

[ghost]

Maybe an option could be added in the app settings to permanately accept an invalid certificate. So it doesn't keep prompting?

[wjentner]

I have this issue as well. To me it occurs periodically after the LE certs are being rotated. The error message disappears when I reset the cache in the app.

[Derridaralalala]

This problem still exists and also affects Nextcloud Talk App (invalid certificate message) v. 8.1.0. Self-signed certificates are not the cause. It seems as if with the nextcloud iOS app (2.25.9.2):

a) the problem is caused by Nextcloud.

b) it is limited to iOS (web access and desktop client work without problems).

b) when the temporary storage/cache is cleared, the problem is solved for a short time, but then reappears.

c) it also affects server certificates that are valid for less than 825 days.

d) the fact that the certificates are self-signed is not the reason for the problem.

e) an update to nextcloud server 18.0.4 and app version 2.25.9.2 does not solve the problem.

f) it affects the downloading of files (start, speed).

g) mobile access to nextcloud via the browser (Safari iOS) works without problems (certificate seems therefore not to be a problem).

[Derridaralalala]

Did someone find a solution?

(@JorisBodin seems like other users experience this as well)

[ghost]

When this will be fixed? Currently IOS app is unusable with nextcloud with self signed cert.

[gitgick]

On iOS 13.5 and Ubuntu 20.04 LTS and the bug is still there.

Same behaviour as everyone above. The message still randomly pops up and randomly disappears after killing app but always comes back eventually. Web browser and most webdav apps are also fine.

I'm wondering if it's the cert and not the app though - Subsonic clients for example have a mixture of success too - e.g., I can get the iOS app Soundwaves to work because it has a do not validate SSL certificates option, but not on other Subsonic-based apps that I guess must rely on valid certificates.

Running "openssl s_client -connect my.local.ip:443" returns a line that says "Verification error: self signed certificate" which I think is a lot to do with it.

Self-signed certs and iPhones needs work. I've imported my cert into my iPhone and have allowed it permission too but still get this persistent bug.

[TasPats]

iOS App 3.0.1.18 Nextcloud Server 18.0.6

I access my server via NATed server address, say 192.168.88.10 to hide it from external access, only internal users can access or they use VPN

but from outside server is accessible trough FQDN with Lets Encrypt certificates. before it works fine - it complains about invalid certificates, I restart iOS App and accept these "invalid" (but really legal certificates of this server) and all was fine

but!

today I updated my Lets Encrypt certificates and now message is not like from topic starters first post, but red and without possibility to accept and interact atall

[TasPats]

worked around by "old, but gold" - removed account, add same 192.168.88.10 server, accepted "invalid" certificate, login with my creds and all works again, hope, that it is only once, not every 3 month's

[Derridaralalala]

worked around by "old, but gold" - removed account, add same 192.168.88.10 server, accepted "invalid" account, login with my creds and all works again, hope, that it is only once, not every 3 month's

@TasPats Did the same a while ago. Will come back randomly. And does not solve the problem NC (@JorisBodin) should really look into it.

[cogitech2]

I was having the problem exactly as described and was just "dealing with it" by clicking on "connect anyway" -> "yes" several times. It was annoying, but it worked.

A recent ios upgrade has made things worse. I can no longer click "yes". There is no option to "connect anyway". All three of our ios phones can no longer connect at all to my Nextcloud server with self-signed certificates. This sucks.

Also, I went into the ios setting to Certificate Trust Settings and there is nothing to configure. No way to add exceptions.

[thesilk-tux]

I also have the same issue like @cogitech2 described above. In my home network I have a Odroid with Ubuntu 18.04. On this server runs Nextcloud 19.0.1. On my Linux Desktop all works fine (browser and app). On my iOS device (13.6) I got the invalid certificate error. This was normal because the instance is running in my local network so the certificate is self signed. Normally, there was a modal where I could accept the risk and all was fine. But for 1-2 weeks it was not possible to accept the risk and the app is useless at the moment. It would be nice if someone can provide a fix because I think many users could have a similar issue.

“The best cloud is the private cloud” 😄

Log: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “10.10.0.112”, which could put your confidential information at risk.

[cogitech2]

@thesilk-tux Thanks for taking the time to post your report! The more who speak up, the more likely we will receive a solution of some sort. Cheers!

[cogitech2]

@thesilk-tux I just tried the work-around that @TasPats mentioned above and it fixed the issue - for now. When re-creating the account, it gives the certificate error and then you can just connect anyway. After that the app connects normally (no persistent error messages, either).

The only thing is, I had to go in and completely set up all auto upload settings, turn off caching, etc in the app. It forgot all these settings. On top of this, I had to initialize a complete re-sync ("Upload whole camera role"), so it is now plugging away at over 1000 photos even though they are on the Nextcloud server already. Best I can tell, it is not creating duplicates so that's some good news.

[jurkstas]

@thesilk-tux I just tried the work-around that @TasPats mentioned above and it fixed the issue - for now. When re-creating the account, it gives the certificate error and then you can just connect anyway. After that the app connects normally (no persistent error messages, either).

The only thing is, I had to go in and completely set up all auto upload settings, turn off caching, etc in the app. It forgot all these settings. On top of this, I had to initialize a complete re-sync ("Upload whole camera role"), so it is now plugging away at over 1000 photos even though they are on the Nextcloud server already. Best I can tell, it is not creating duplicates so that's some good news.

I can confirm the same behavior, but with 8k+ files to re-upload.

iOS App version 3.0.5.8 Server 17.0.7

[thesilk-tux]

@jurkstas @cogitech2 thanks a lot. This helped us a lot and my wife is happy now after uploading 1700 pictures manually 😄

[Derridaralalala]

When updated to Nextcloud 19.0.2 Server Side, the problem so far seems to be gone. Anyone observed the same? App is on iOS Version 3.0.6.8.

[TasPats]

my Lets Encrypt certificate updated and I get red error window without option to accept certificate as valid

Nextcloud Server 19.0.3. iOS/iPAD client 3.0.7.26

only option remove active account, lost cached files and reenter credentials and resync data

ironically, that Linux Desktop client 3.0.2. accept new certificate with one click and so Nextclod Android app 3.13.1. with one touch

[Waringham]

The problem is still there!

Nextcloud Server 21.0.0.18 iOS client 3.3.1.1

This bug renders the iOS Nextcloud client completely useless and calls the whole concept of a private cloud into question.

[cogitech2]

@Waringham

Indeed. I have abandoned Nextcloud at this point. Deleting the accounts from the iOS apps on 4 phones and re-adding and re-syncing every week or two is simply not feasible.

Since the primary usage in my case is backing up photos/videos from the phones, I have decided to use a dedicated phone app to simply sync photos/videos to an SMB share on my NAS.

[marinofaggiana]

Hi all, with the next version 4 we want fixed.

[marinofaggiana]

Please all, verify this issue with the V 3.5.0 - Build >= 19 ( WORK IN PROGRESS )

[Tucubanito07]

I just started to get this when I updated to the latest test version. Just an FYI.

[DennisBankmann]

Same issue here with Letsencrypt certificates. Desktop (Win+Mac), Webdav, Browser, Nextbookmarks, Joplin, ... all fine. Only iOS app pops up the warning/error message ("invalid certificate"; yes/no/details) as shown above every 5sec.

Curiously, in between the popups, the app works fully as expected.

iOS 14.7, App 4.0.4 Server 21.0.3

[B-X-M]

Same here what DennisBankmann said! With iOS 14.7 the certification process for LE-certs is broken but only in the app. Opening the very same site in Safari works.

[marinofaggiana]

@DennisBankmann @B-X-M do you have an account test for me where this issue is present ?

[TasPats]

i migrate to LE wildcard cert *.mydomain.com and FQDN (instead valid IP) Nextcloud server access and now all is smooth, iPhone, iPad with 14.7.1, 4.0.4.0, 21.0.3. and so with Android client 3.16.1

[B-X-M]

@marinofaggiana

@DennisBankmann @B-X-M do you have an account test for me where this issue is present ?

Unfortunately not. As this is a company instance, I am allowed to provide a test account. Is there any data I can provide in order to make bugfixing possible?

[DennisBankmann]

@DennisBankmann @B-X-M do you have an account test for me where this issue is present ?

Thanks for the follow-up! Interestingly, having updated yesterday to iOS app 4.0.5, the issue is currently not occurring anymore. With 4.0.4, it was happening on and off - thus by next week, I should know for sure whether this reoccurs or not. If it does reoccur with 4.0.5, I can provide a test account.

PS: it could also be related to phone rebooting or OS update as apple released ios update 14.7.1 in the last days, too.

[byl-on-github]

Same problem here, iOS 14.7, App Version 4.0.6, nextcloud instance 22.0 with valid LE certificate. Update: Issue still there with iOS 14.7.1 Update2: Sorry, I have to correct myself. We were just upgrading to 22.0 and are now facing some weird problems. So we rolled back to the latest 21 and after uprgading to iOS 14.7.1 everything runs smooth again and the certificate error is gone...

[pwaring]

I'm experiencing this problem as well with a LetsEncrypt certificate. Every couple of seconds the iOS app pops up the window saying that the certificate is invalid, but if I view the certificate it is the correct one and it hasn't expired or been revoked. I can access the server directly in Safari, Firefox etc. on iOS without any problems, and I have no problems with the Android app or the Linux client, so I strongly suspect this is a problem confined to the iOS app.

App version: 4.0.4 iOS version: 14.7.1 Nextcloud server: 21.0.3

All are the latest available versions and I've checked for updates.

[TasPats]

1. do you access server in Nexcloud in same way as in your browsers? like https://www.server.com

2. configuration with LE ever worked and now stopped? what is changed now?

[pwaring]

I access the server via the iOS app - that was authenticated originally (ages ago) via the browser.

The configuration with LetsEncrypt has worked for over a year and has stopped recently (not sure when exactly as I don't always go into the app). I haven't changed anything on the server other than installing updates, likewise with the app.

[pwaring]

Still an issue on 4.0.5 (updated automatically yesterday).

[nclark]

I'm running into this as well, 4.0.6.0 Nextcloud Liquid for iOS, Nextcloud server 22.1.0.

Mobile Safari accepts the LE cert as valid.

I cannot provide a test account as it's only accessible over my VPN.

[florianmulatz]

Also an issue for me

App-Version: 4.0.6.0 Server-Version 22.1.0

Any time I change from mobile to WIFI or vice versa it tells me that the certificate is invalid although it isn't. I'm using split-dns (Url nextcloud.example.com shows to internal IP (in WIFI) - the same URL shows to my public (proxied) IP from Cloudflare via MobileNetwork). Both certificates are valid (the public one is served by cloudflare - the private one is served by Let's Encrypt)

Cheers

[root9191]

I have the Same Problem on NC 22.1.0 and App Version 4.0.6.0 I Use NGINX Reverse Proxy and have a valid Certificate for the Domain. On the Browser i do Not have this Problem.

[TasPats]

all, who say "On the Browser i do Not have this Problem."

• do you have exception for Your site in browser?
• is server access string in Nextcloud application is the same as in LE cert, and in "Browser i do Not have this Problem"?

[root9191]

all, who say "On the Browser i do Not have this Problem."

• do you have exception for Your site in browser?

• is server access string in Nextcloud application is the same as in LE cert, and in "Browser i do Not have this Problem"?

No i don't have an exception in my Browser and the Server Access String is the same.

[pwaring]

Same here, I don't have an exception for my Nextcloud instance in my browser and the certificate is the same. I also don't have a problem with the Android app.

This definitely seems to be a problem with the iOS app as every other mechanism of accessing my Nextcloud works.

[nclark]

all, who say "On the Browser i do Not have this Problem."

• do you have exception for Your site in browser?

I don't have an exception in the browser.

• is server access string in Nextcloud application is the same as in LE cert, and in "Browser i do Not have this Problem"?

I'm very new with NextCloud and I'm not sure where to find the "server access string" but the domain that the cert is issued for and that the iOS clients are giving me this message about is the value for overwritehost, is the domain part of the value for overwrite.cli.url and is the first element in my trusted_domains array.