Nextcloud 20.0.4.0 SSL issues with CalDAV on iOS 15.4.1

Hey,

Nextcloud version (eg, 20.0.5): 23.0.3
Operating system and version (eg, Ubuntu 20.04): official nextcloud container nextcloud:23.0.3-fpm in Kubernetes/Openshift
Apache or nginx version (eg, Apache 2.4.25): official container nextcloud:23.0.4-fpm and nginx v1.21.6
PHP version (eg, 7.4): as in official container nextcloud:23.0.4-fpm

we have the following issue in our organisation. Since update to iOS 15.4.1 we are not able to use the CalDAV anymore. It seem it is an SSL issue. We tried ports 8443, 443 and 80, among others, although 443 should be the right one, if I am not mistaken.
We also tried other variations of the server address. Usually the one that can be copied from the calendar app through the browser. Here is what we tried:

What kind of issue are we facing here and how can we solve it? We have been searching for solutions for 2 hours by now!

Note: The issue does not occure on the latest iPadOS (15.4.1).

Thanks a lot, for any help.

Regards Julius

Hi @JuliusC,
You are missing the required support template. Please fill this form out and edit into your post.

This will give us the technical info and logs needed to help you! Thanks.

What kind of certificate is your webserver using?

What happens, if you visit https://DOMAIN/.well-known/caldav ?

@JuliusC

Nextcloud 20.0.4.0 SSL …

If you not use extendedSupport Nextlcoud 20 and Nextcloud 21 is outdated. Please upgrade your Nextcloud installation.

But i think that is not the problem.

iOS 15.4.1

Maybe iOS has exchanged or removed a few certificates. Please check your SSL certificate. Works it fine in a browser (not a manipulated company browser with another added CA). You can also test the url of your Nextcloud in browser of your iOS smartphone. Does it works?

Dear just,

Thanks. Sorry for the miss. I am a first time user of the forum.
We will fill out the template.

Dear Bernie_O,

thanks, as well. We get the following response if we enter that address:
“This is the WebDAV interface. It can only be accessed by WebDAV clients such as the Nextcloud desktop sync client.”

Dear devnull,

unfortunately, updating things is a bit tricky in a NGO, as we rely on other open source tools and checking for compatibility with new builds is a slow process. But we can hopefully update everything soon.

It only seems to be an issue with iOS 15.4.1, as android apps and iPadOS, for example, don’t have this issue.

Regards Julius

Did you have to enter a username+password before this message was displayed?

What kind of certificate are you using? selfsigned?

Dear just & Bernie_0,

thanks for your input. I have updated the information in the original post.
Regarding the certificate, I am not sure. We are using a system (user name + password) by Feather development team. Does that help?

Regards Julius

Not really. Here are Apples requirements for trusted certificates. Make sure your certificate matches these: Requirements for trusted certificates in iOS 13 and macOS 10.15 – Apple Support (UK)

As it seems that service discovery is working, you don’t need to enter long paths in the clients. Have you tried to proceed as described in the documentation when adding an account to a caldav client?
https://docs.nextcloud.com/server/23/user_manual/en/groupware/sync_ios.html
Important:

  • delete not working caldav accounts from the device prior to setting up the new one.
  • if your nextcloud server resides in a subdirectory (e.g. www.example.com/nextcloud), still do only enter the domain as server address (which in the same example would be www.example.com).

Dear Bernie_O,

thanks a lot for the quick response. We have tried multiple approaches to (re-)add the NextCloud-calendar to peoples’ Apple-calendar, as it simply stopped working after updates.

We try to check again on the certificate issue. If I get it right, it is not due to NextCloud not providing the right certificates, but due to Apple having changed the required one, correct?

Regards Julius

Not really. It is about the webserver certificate which is delivered from your webserver when visiting your domain. And Apple raised the requirements for those certificates. The raised requirements need to be fulfilled by the certificate your webserver is delivering for synchronisation to work.

But I actually doubt that the certificate is the problem since you have clients which do sync with the latest iPadOS version.

Hey,

we were able to solve the problem. We figured out some settings and procedural necessities.

1st:
Calender seems to get out of synch after update to iOS 15.4.1. But not for everyone.

  • This depends on whether “Background App Refresh” is turned on for the Apple Calendar app.
  • Port 443 is the correct one, which should also be the default one.

2nd:
If “Background App Refresh” was turned off for the Apple Calendar app, it is sufficient for to open the app once to make an initial connection to the server. That means you can save the CALdav account settings as they are, although you might receive an error on the SSL connection (which is due to the failed background app refresh for the calendar). Afterwards you can open the calendar app and wait some seconds. After that, the CALdav calendar shows up as usual.

3rd:
Make sure to do a restart of the phone after deleting and before re-adding a CALdav account.

Hope this helps. Thanks also for all the responses.

Regards Julius

2 Likes

Thank you very much.
I succeeded with the calendar, but not with the contacts