iOS "Cannot verify server identity" when trying to add cardDAV/calDAV

Hi all–

I’ve started running a Nextcloud server off of an old laptop in my closet using the Ubuntu snap package. The setup was very easy and I’ve been using it to sync photos, as well as upload and share documents, for a few weeks now.

Visiting the server’s domain name in my browser works as expected, and shows a valid and trusted certificate issued by Let’s Encrypt and expiring in a couple of months–however today I decided to begin using it to sync my contacts and calendar across devices.

When following the documentation here, I receive an alert that iOS “Cannot Verify Server Identity”. The certificate it returns is odd–it says it’s issued by “MISTRAL Vorlan ICA” and expires in 2037.

I’ve done a bit of Googling and haven’t been able to find anyone experiencing this particular problem. I wouldn’t consider myself a technology expert, but I am familiar with the concept of a man-in-the-middle attack. I wouldn’t expect to be targeted in a MITM, but I don’t want to ignore this either.

Has anyone else experienced this, or does this sound like an issue on my end? When cancelling out of the certificate window, the iOS device added the server anyway. If this were a MITM, would they have the credentials necessary to access the rest of my server now? Should I burn my computer? I’ve followed the troubleshooting instructions here and my /.well-known/carddav and /.well-known/caldav are resolving properly.


Nextcloud version (eg, 20.0.5): 22.1.1
Operating system and version (eg, Ubuntu 20.04): Ubuntu 21.04
Apache or nginx version (eg, Apache 2.4.25): I'm using whatever's bundled with the snap package, so I'm not sure how to locate this.
PHP version (eg, 7.4): 7.4.23

The issue you are facing:

Is this the first time you’ve seen this error? (Y):

Steps to replicate it:

  1. Enter system preferences on iOS device and add “other” account
  2. Enter the server’s domain name along with my account information
  3. Click “Next”

The output of your Nextcloud log in Admin > Logging:

[PHP] Error: Cannot modify header information - headers already sent by (output started at /snap/nextcloud/28503/htdocs/3rdparty/sabre/http/lib/Sapi.php:132) at /snap/nextcloud/28503/htdocs/apps/dav/lib/Connector/Sabre/File.php#693

PUT /remote.php/webdav/Photos/[redacted].png
from [IP address] by [username] at 2021-09-16T15:07:17+00:00

[PHP] Error: Cannot modify header information - headers already sent by (output started at /snap/nextcloud/28503/htdocs/3rdparty/sabre/http/lib/Sapi.php:132) at /snap/nextcloud/28503/htdocs/apps/dav/lib/Connector/Sabre/File.php#693

PUT /remote.php/webdav/Photos/[redacted].png
from [IP address] by [username] at 2021-09-16T15:07:17+00:00

[PHP] Error: Cannot modify header information - headers already sent by (output started at /snap/nextcloud/28503/htdocs/3rdparty/sabre/http/lib/Sapi.php:132) at /snap/nextcloud/28503/htdocs/apps/dav/lib/Connector/Sabre/File.php#693

PUT /remote.php/webdav/Photos/[redacted].png
from [IP address] by [username] at 2021-09-16T15:07:17+00:00

[no app in context] Error: Expected filesize of 145733 bytes but read (from Nextcloud client) and wrote (to Nextcloud storage) 131072 bytes. Could either be a network problem on the sending side or a problem writing to the storage on the server side.

PUT /remote.php/webdav/Photos/[redacted].png
from [IP address] by [username] at 2021-09-16T15:07:17+00:00

config.php output

<?php

$snap_current = getenv('SNAP_CURRENT');
$snap_data_current = getenv('SNAP_DATA_CURRENT');

$CONFIG = array(
/**
 * Use the ``apps_paths`` parameter to set the location of the Apps directory,
 * which should be scanned for available apps, and where user-specific apps
 * should be installed from the Apps store. The ``path`` defines the absolute
 * file system path to the app folder. The key ``url`` defines the HTTP web path
 * to that folder, starting from the Nextcloud web root. The key ``writable``
 * indicates if a web server can write files to that folder.
 */
'apps_paths' => array(
	/**
	 * These are the default apps shipped with Nextcloud. They are read-only.
	 */
	array(
		'path'=> $snap_current.'/htdocs/apps',
		'url' => '/apps',
		'writable' => false,
	),

	/**
	 * This directory is writable, meant for apps installed by the user.
	 */
	array(
		'path'=> $snap_data_current.'/nextcloud/extra-apps',
		'url' => '/extra-apps',
		'writable' => true,
	),
),

/**
 * Database types that are supported for installation.
 *
 * Available:
 * 	- sqlite (SQLite3 - Not in Enterprise Edition)
 * 	- mysql (MySQL)
 * 	- pgsql (PostgreSQL)
 * 	- oci (Oracle - Enterprise Edition Only)
 */
'supportedDatabases' => array(
	'mysql',
),

'memcache.locking' => '\OC\Memcache\Redis',
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
    'host' => getenv('REDIS_SOCKET'),
    'port' => 0,
),

'log_type' => 'file',
'logfile' => $snap_data_current.'/logs/nextcloud.log',
'logfilemode' => 0640,
);

The output of your Apache/nginx/system log in /var/log/____:

nginx log is empty

This indicates that the snap is working properly.

I have no idea what’s happening here. You’re 100% sure you entered the same domain you used when visiting it in the browser?
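
An added example, not part of the thread or of Nextcloud: one way to check whether the name typed on the phone and the name used in the browser are really handed the same certificate is to capture the leaf certificate from several probes and compare SHA-256 fingerprints. The function names, probe labels and the `SAMPLE` bytes are assumptions made for illustration; only the Python standard library is used.

```python
import hashlib
import socket
import ssl


def fingerprint(der):
    """SHA-256 of the DER certificate, colon-separated as certificate viewers show it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_leaf(host, port=443, sni=None, timeout=5.0):
    """Return the leaf certificate (DER) the endpoint presents. Validation is
    disabled on purpose so that an untrusted certificate can still be captured."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def survey(name, address=None):
    """Probe one server three ways (needs live network access): by name with SNI,
    by name without SNI, and by a specific address (e.g. the LAN IP) with SNI."""
    address = address or name
    return {
        "name+sni": fetch_leaf(name, sni=name),
        "name-no-sni": fetch_leaf(name),
        "address+sni": fetch_leaf(address, sni=name),
    }


def deviations(observed, reference_label):
    """observed maps a probe label to the DER it received. Return the labels whose
    certificate differs from the reference probe, with the fingerprint each saw."""
    ref = fingerprint(observed[reference_label])
    return {label: fingerprint(der) for label, der in observed.items()
            if fingerprint(der) != ref}


# Constructed stand-ins for captured DER bytes (not real certificates), so the
# comparison can be exercised offline.
SAMPLE = {
    "browser-name+sni": b"constructed-leaf-A",
    "lan-address-no-sni": b"constructed-leaf-B",
    "cellular-name+sni": b"constructed-leaf-A",
}
```

Running `survey()` once on the home network and once from outside it (for example over cellular), then passing the merged results to `deviations()`, shows which path or name returns a certificate other than the one the browser trusts.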