Android Nextcloud Talk fails because it is not validating the cert/CA when using turns

Nextcloud version (eg, 24.0.1): 25.0.7
Talk Server version (eg, 14.0.2): 15.0.6
Custom Signaling server configured: no
Custom TURN server configured: coturn
Custom STUN server configured: [yes/no](http://stun.nextcloud.com:443)

In case the web version of Nextcloud Talk is involved:
Operating system (eg, Windows/Ubuntu/…): Windows 10
Browser name and version (eg, Chrome v101): Edge Version 113.0.1774.50 (Official build) (64-bit)

In case mobile Nextcloud Talk apps are involved:
Talk iOS version (eg, 14.0.2): not tested
Talk Android version (eg, 14.0.2): 16.0.1

The issue you are facing:

So I have Nextcloud, Nextcloud Talk & coturn all running on the same Windows 10 Hyper-V VM (running Ubuntu 20.04.6 LTS) in my home network. My home network is simple - one single subnet (192.168.1.0/24) with the Nextcloud/coturn server coexisting with the Nextcloud Talk clients. Both coturn and Nextcloud (on Apache2) are sharing the same cert that is issued from Let’s Encrypt. When I tell Nextcloud to use turns only (turn over TLS) - I get a green check mark …

  • The problem scenario involves the Nextcloud Talk Android client - it is not validating the CA - it fails to connect and instead both sides spin indefinitely after answering. Looking at a network trace of the problem, I can see the Nextcloud Talk Android client refusing to connect because of an “unknown CA” and ending the conversation.
  • Funnily enough the web browser (either Edge or Chrome) based Nextcloud Talk client on the same Android phone - works just fine.

So the problem seems to be with the Android Nextcloud Talk client.

Is there any way to make this work with turns over TLS?

Is this the first time you’ve seen this error? (Y/N): yes

Steps to replicate it:

  1. Configure coturn to use a Let’s Encrypt issued cert (this step may not matter - any trusted CA might result in the same problem?)
  2. Attempt to use the Nextcloud Talk Android app to establish a call.

Again - the big tell here is the Android based Nextcloud Talk client failing to establish a secure connection with turns - and the fact that a browser on the same phone works just fine. When viewing the communication in Wireshark you can plainly see Android Nextcloud Talk rejecting the CA cert.
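
The "unknown CA" that Wireshark shows in a trace like the one described above is a TLS alert record with description code 48. The following is an added example, not part of the original post: a small decoder that walks the TLS records in one direction of a capture and reports any plaintext alerts. The sample bytes and the function names are constructed for illustration.

```python
import struct

# Alert codes from RFC 5246 / RFC 8446 that relate to certificate validation.
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    40: "handshake_failure",
    42: "bad_certificate",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_ALERT = 21  # TLS record content type for alerts


def iter_records(stream: bytes):
    """Yield (content_type, version, payload) for each TLS record in stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record at offset %d" % offset)
        yield ctype, version, payload
        offset += 5 + length


def find_alerts(stream: bytes):
    """Return [(level, description)] for every plaintext alert record.

    Encrypted alerts are longer than two bytes and are skipped.
    """
    alerts = []
    for ctype, _version, payload in iter_records(stream):
        if ctype == CONTENT_ALERT and len(payload) == 2:
            level, desc = payload
            alerts.append((ALERT_LEVELS.get(level, str(level)),
                           ALERT_DESCRIPTIONS.get(desc, "alert_%d" % desc)))
    return alerts


# Constructed sample of client-to-server bytes: a placeholder 4-byte handshake
# record followed by an alert record carrying level 2, description 48.
CLIENT_TO_SERVER = bytes.fromhex("1603030004" "00000000" "1503030002" "0230")

if __name__ == "__main__":
    for level, desc in find_alerts(CLIENT_TO_SERVER):
        print(level, desc)
```

Running it on each direction of the TCP stream separately shows which endpoint sent the alert.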