Cannot solve ownnotes / android problem

I’ve been using owncloud / nextcloud for a few years, on and off. I recently moved to nextcloud full time as my cloud system. Everything works great except this dang notes functionality with the android client ownnotes.

The problem is with a self-signed cert. I cannot install a self-signed cert on Android unless the CA flag = true, and trying to figure that out has been a nightmare. As such, I cannot use the ownnotes app (or any other owncloud / nextcloud notes app), even if I check to always use / trust self-signed certificates.

This is the last part of my nextcloud solution that I need to get working. My server is on my private LAN and I access via VPN when I am remote; still want SSL on my server.

Has anyone found a good way to solve this issue? I am thinking that maybe if I get a cert from Let’s Encrypt, that might help, but can I do that for a server that is not actually on the public Internet?

Any advice / help is appreciated, folks. I finally have a near total solution I have been working toward for years and this piece is the final thorn in my side.

This problem is out there - I’ve read many similar entries on the web, but no one seems to have an answer. This cannot be as difficult as it is presenting itself. Does anyone know how to create a cert with the CA flag = true?

I’m not an expert on Let’s Encrypt and was happy that I could use a script that set up everything automatically. However, the server had to be available from the internet to receive the cert.
Wouldn’t it be easier for you to make this server public and get a Let’s Encrypt cert? You can check your server security with
https://scan.nextcloud.com
and
https://www.ssllabs.com/ssltest/

to be sure you’re not exposing your data to the world.

I believe that, for security reasons, it is on purpose that you can’t create a cert with the CA flag if there is no actual CA providing this cert.
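
As an added example (not part of any post in this thread), here is one way to create a self-signed certificate with the CA flag the original question asks about, using the `openssl` command line, and to check the flag afterwards. The hostname `cloud.home.example`, the function names and the file names are assumptions.

```shell
#!/bin/sh
# Added example. Hostname, function names and file names are assumptions.

# make_cert DIR HOST TRUE|FALSE
# Writes DIR/server.key and DIR/server.crt, a self-signed certificate for HOST
# whose basicConstraints extension carries CA:TRUE or CA:FALSE.
make_cert() {
    dir=$1; host=$2; ca=$3
    if [ "$ca" = TRUE ]; then
        usage="digitalSignature,keyEncipherment,keyCertSign"
    else
        usage="digitalSignature,keyEncipherment"
    fi
    mkdir -p "$dir"
    # Own config file, so the result does not depend on the system openssl.cnf.
    cat > "$dir/cert.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
basicConstraints = critical,CA:$ca
keyUsage = critical,$usage
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 825 \
        -config "$dir/cert.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/server.key"
}

# cert_is_ca FILE: exit status 0 if the certificate has the CA flag set.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q "CA:TRUE"
}

# Demo: run as `sh make_cert.sh demo`
if [ "${1:-}" = demo ]; then
    make_cert ./certs cloud.home.example TRUE
    cert_is_ca ./certs/server.crt && echo "CA flag is set"
fi
```

Only `server.crt` is copied to the phone; `server.key` stays on the server, because anyone holding the key of a certificate trusted as a CA can issue certificates that the device will accept.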