Had been working with old temp server in place for months - I finally got the bug and built new server and got 15.0.5 everything going fine on PC with Firefox addon - no issue. Just had to setup account and proper password - no problem. BUT On Android NextCloud App works 100% but the Android Password app will not accept my server name (or straight IP) at the https://… prompt
Uninstalled rebooted reinstalled directly from PlayStore and still can not even get past the server prompt to setup. Needless to say Firefox addon on Android not working either - just set to disable until get everything else going. Note - in the Android Firefox browser I can go to the https:// dns or ip and log right in no issue - even see the bookmarks and passwords…
Sure was cool to have passwords synced with PC and Android - nice app.
Anyone know how to get this app working again?
This is on android - at the very first prompt for server - can’t get passed… Gives ‘network error’ no matter how formatted ie with or without https:// a fqdn or a local ip address. With a trailing / or without.
All other instants of password (desktop plugin) work just fine. I can even logon on the android via web browser and see password and bookmark OK. No errors seen or found.
Tried to turn off the api in setting then setup android - same issue - turned back on because other clients stop working.
Still not working - the Android app - Nextcloud Password v1.10 from playstore will not accept any https http or ip on first setup screen after install. I have cleared data & cache stopped and removed app from phone - installed directly from playstore and still get same issue - Network error and back to prompt. I do not have issues getting to server from other nextcloud apps (nextcloud, notes, carnet) from same phone on same network.
Hi, many people reported this same error since time ago. But I couldn’t reproduce, so it’s difficult to guess the root cause… Anyway I’m working on the next release of NC Passwords for Android that I would like to publish by the end of the month. And it will have probably a debug feature for all this kind of tricky issues. I hope you can get it working soon.
self signed cert.- just to use https on internal network.
One more possible hint - I did have this working on another server.
I am going to assume the cert was downloaded and correct but when I updated server (different cert) the ‘network error’ appeared. Uninstall/Reinstall etc efforts does not replace the original cert. Maybe in a future version you can include a way to remove/replace cert or force download of cert.
Ok - not sure exactly but it’s working now…
Firefox had some issues with certificate last week and also an update for the password app on nextcloud server. After waiting a couple of days for the Firefox issue to be solved on Android and then updating my android it allowed me to edit the server and login info on the password firefox add-on - I did have to say accept self-signed certificate check mark. IT WORKS 100% now - even tried on LTE connection and it found my server like it did before - no issues.
Andyj9
You can prevent any issues with any app by using a signed certificate. There are many guides out there how to do this e.g. by using Let’s Encrypt.
No matter what fancy way you use to describe a plaintext HTTP connection (with at best some partial encryption if your VPN is actually secure), it’s still a far cry from the security of a proper HTTPS setup.
And because of that, browsers don’t consider a HTTP connection to be a secure environment.
And because browsers don’t consider HTTP webpages to be a secure context, some browser apis used by the passwords app are not available to HTTP webpages.
And because the passwords app would not work properly without these apis, we don’t support plaintext HTTP connections. And that’s why you don’t get to choose.
Additionally, if there was some “ignore missing HTTPS” option, users that don’t even have a VPN and just use plaintext HTTP all the way would use this option since it’s easier than setting up proper security to secure literally all your passwords.
And if some of these users then tried to enable E2E in the app to get some pseudo security (because E2E over HTTP is obviously insecure), they would notice that it doesn’t work (missing the crypto api).
And those users would then either come complaining to the developers (of the passwords app or any third party app) or they would use the app in an insecure way and come complaining to the developers after they got “hacked”. And because i don’t want to deal with the complaints of users that discovered that not using security is insecure, you don’t get to choose.
Also, neither the passwords app nor the passwords app api used by the apps & browser extensions allows a HTTP connection. So even if the developer of any third party tool wanted to allow HTTP connections - they can’t. The api doesn’t accept it.
The age of HTTP is over. It’s outdated and insecure.
With self-signed cert I’m getting error in apps: “Network error”, with browser works well, just writes “not safe”.
For Let’s Encrypt Internet access is required, but I need internal access only, without any external inputs. Only local network.
HTTPS is not need in local network, including VPN. From who need encrypt data in LAN? From aliens? Local network is fully safe network.
Btw, http is convenient - for example, I have setup nextcloud instance and can use it right now. Making httpS - it’s additional useless configuration.
Well, any normal VPN is the more safer than HTTPS.
Alright, if you’re accessing to nextcloud from ‘dirty’ Internet (or another any app - for example - rocketchat), of course you need to use HTTPS, no questions. Here is all easy - just run certbot --apache and it will setup all automatically.
But, could you explain please, how to setup correctly httpS in LAN without Internet access? Because as I said, LetsEncrypt is requires access to/from Internet.
If you can’t use a normal CA (like Let’s encrypt), you can create your own.
Create a CA certificate
Import the CA certificate on Android/Windows/Firefox
Use the CA certificate to sign your webserver certificate
There are tutorials for each step out there, i’m sure one will fit your setup.
Well, in case aliens ever want to get into your private network, they will most likely find a plethora of insecure IoT devices that are more than willing to act as an entrypoint. Since you’re getting this error on the Android i’m somehow doubting that you’re connected to your server via LAN. You’re probably using a WPA2 secured WLAN, which is vulnerable to KRACK-attacks which literally allows HTTP content injection. Any device in your LAN - even your router - is a security risk. There is nothing secure there.
How your browser literally says “Not secure” when you access NC via HTTP and you still argue that it’s more secure than HTTPS is beyond me. A VPN is - at best - an encrypted connection between the OS of your device and the OS of the server running your Nextcloud. The vast majority of “normal VPN” is the connection between the OS of your device and an endpoint in the target network or just somewhere on the internet. From there on the connection is plain text and accessible to absolutely everyone.
You might deem that security issue negligible for you, but the passwords app is also used by others. A company can’t just assume that no device/empoyee/guest with access to the network will ever do something malicious.
VPN is intended for a secure connection to a network, while HTTPS is intended for a secure end-to-end connection.
With a VPN the client and the server only see a HTTP connection and there is no way of knowing if there was any encryption on the way.
HTTPS is a secure connection between your Browser and the webserver (Apache/Nginx etc.) Unlike VPN, there are actually standards for safety enforced by the browsers.
Arguing with me about how safe your VPN is isn’t going to change anything. Go to Mozilla and Google and get them to accept your HTTP+VPN solution to be a secure context and get NC to add a VPN detection and then we can talk.
It’s Sept 2021, and I still can’t connect the android nextcloud password app (version 1.15 fdroid / google - ’ Network Error’) to my nextcloud server (version 21.0.4 self hosted on Ubuntu server 21.04 LTS). No problems with other apps, nor with desktop firefox addon nextcloud passwords. I turned of 2FA for testing. This didn’t help either. No ideas left what to test. Unfortunately NC Passwords (21.4.1) starts with blank screen on Android 6 - so no luck there either.
Reading the above leaves me with one question: If I have self signed certificates for identification, does the certificate for the CA need to have a passphrase set? Because my cert doesn’t have one. Could this be responsible for the connection problems?
(And before someone insists on setting a passphrase: our small office centers around an industrial printer that is not able to make connections with a set passphrase for the certificate authority. I have to stick another 4 years to that stupid printer)