nextcloud ios client app "invalid certificate" bug

[Derridaralalala]

Expected behaviour

iOS App should (a) accept the self-signed certificate, when this is (b) still valid and (c) is added as an accepted exeption certificate during the first set-up of the app.

Actual behaviour

When accessing the iOS app to see/download documents, every two seconds the message appears: "the certificate for this server is invalid" and "Error: unable to download". This happens even if you click on "connect anyway" -> "yes" for several times. It seems to be limited to the iOS version, as desktop client and web-access is working fine. It also worked before nextcloud 17 and/or before an app update. Somebody reported this problem also here.

clear cache and reinstall the app and log-in again from scratch does not help.

Steps to reproduce

install ios app, connect to server (login), try to access a file.

iOS version

13.2.3

App version

2.2.5.1

Server configuration

Operating system: Ubuntu 18.04.3 LTS (GNU/Linux 4.4.0-142-generic)

Web server: Apache/2.4.39

Database: mysql 8.0.18

PHP version: 7.2.18

TLS TLS 1.3

Nextcloud version: (see Nextcloud admin page) 17.0.1.

[gitgick]

Sorry this will not help most of you but just wanted to say I got this working on the iPhone with this strategy: generate a valid certificate. I used a simple fake domain for my home network - literally anything not real .com. And then some Linux command long forgotten (implemented this years ago) to generate and point to the certificate.

I then imported the certificate file to my iPhone as a profile in General > Settings > Profiles. I think I got some warnings and errors and ok’d them. It is showing verified in green text. The Nextcloud app works on my iPhone and has done on every update for a few years.

I made sure to add the Nextcloud to the app using the domain name. A few years back before I tried this the certificate would error repeatedly and then with this work around it just stopped and hasn’t failed since. My cert expires in 2030.

On Wed, Aug 18, 2021 at 14:47 Neal Clark @.***> wrote:

all, who say "On the Browser i do Not have this Problem."

• do you have exception for Your site in browser?

I don't have an exception in the browser.

• is server access string in Nextcloud application is the same as in LE cert, and in "Browser i do Not have this Problem"?

I'm very new with NextCloud and I'm not sure where to find the "server access string" but the domain that the cert is issued for and that the iOS clients are giving me this message about is the value for overwritehost, is the domain part of the value for overwrite.cli.url and is the first element in my trusted_domains array.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nextcloud/ios/issues/1036#issuecomment-901347425, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH2SHJTASNTQCF25KNX6WADT5P545ANCNFSM4JYMAS3A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .

[root9191]

What i just checked, was That when i am in my local Network and Look at the Details of the Certificate there stands cloud.domain.at (thats Correct) But when i use the mobile network the NC App use a Wildcard Certificate. So i get in the Details *.domain.at

[root9191]

After some googleing i found something to try out: In the NGINX Proxy Manager i added this line to my NC Host in the Advanced Tab: proxy_hide_header Upgrade; Now i do not get the "Certificate Not Valid" Message in my local Network, but still when i use my the Cellular Network. Can someone prove this?

[Heracles31]

Got that problem also on my side. Wildcard certificate from Lets Encrypt is clearly valid. IOS, Nextcloud App and Nextcloud servers are latest version.

Deleted and re-created the account : No luck. Still invalid certificate error in the app. Deleted and re-created the account but using an App Token instead of authorisation through the web interface : FIXED! No more invalid certificate errors. Lets hope now that it will last...

[Heracles31]

And if a developper needs a test account in my cloud, you can PM me. I can provide you with one. The account will not be allowed to share anything and storage will be restricted to 1G but it will be enough for any test you need about this one.

[root9191]

This didn't work for me.. @Heracles31 do you also use a Reverse Proxy?

[Heracles31]

Yep ; HAProxy is doing the job and is configured as an SSL accelerator : it terminates SSL and connects back over clear text HTTP to the Nextcloud Docker.

[root9191]

Ok so this like the NGINX Reverse Proxy?

[Heracles31]

I never use NGinx here. Apache, Squid, HAProxy.... Still, an HTTP reverse proxy is an HTTP reverse proxy... But I can not tell you anything specific about NGinx because I never use it.

[Stelorio]

Same problem for me. I have a valid LE certificate, works with every client except iOS App which will bring up the invalid certificate error.

I can view the certificate, it is the correct and valid certificate for the correct domain which is used to connect.

[bootlesshacker]

I've noticed this is happening with me today. I'm using Apache/2.4.6 (CentOS) with a LE certificate which is valid and accepted on everything else I use. A+ Rating on SSL Labs. Issue only started recently. LE certificate was rotated on 22 Aug 2021 22:01:48 - not sure if it was occurring since then as I haven't been in the app but mentioning that in case that's helpful.

[houdini69]

Same issue for me as for others on iOS 14.7.1. Let's Encrypt valid certificate, Nextcloud 21.0.4 with Nginx web server (Armbian 21.08.1 Buster). Interestingly, I haven't this behaviour with another corporate account.

[bootlesshacker]

This issue is historical/closed. If you are getting this error I encourage you to comment on the active issue so it gets more attention

https://github.com/nextcloud/ios/issues/1682