Nextcloud iOS app claims for secure connection

Hi guys,

Thanks in advance for any help you can provide. I have configured a Nextcloud instance on a Raspberry Pi with Debian 11 bullseye.

Nextcloud is working perfectly fine, I have been able to connect from an Android device and also from Windows clients. But when it comes to connecting from iOS devices, the nightmare begins.

I got an error when trying to connect with the following message:

As you can see, the URL begins with http. When using https, the following error appears:

I have tried to set up SSL for Apache with a self-signed certificate, but still no luck.

I am not able to use a certificate from Let’s Encrypt cause the domain is only accessible from the local LAN and from the VPN, both using a custom DNS (Pi-hole).

Can anyone please let me know what I can do?

This looks like your certificate does not match the requirements set by App Transport Security. Check for example Apple Developer Documentation or Cocoa Keys

Do you know which certificate I could use for ATS? Or maybe there is a way to disable ATS for the Nextcloud iOS app?

Well, the requirements can be found at the links in my previous message :wink:
Disabling ATS is only possible at compile time, so no, you can’t disable it. If I’m not mistaken, ATS does not apply if you try to connect via IP instead of a host name, but of course the best solution is to adjust your certificates according to the documentation.

Are you talking about the Files or the Talk iOS app? Last time I checked ATS was not enforced on the Files app, but is enforced on Talk.

Apologies for my late reply.

I’m talking about the Nextcloud Talk app.

Regarding the certificates adjustment, the thing is that the whole infrastructure is private and only accessible from the local network and from a WireGuard VPN. I didn’t want to make the domain accessible from the internet, so I’m trying to find a way to use valid certificates for a private domain (the self-signed certificates are not trusted by the app).

Any suggestions are welcome :slight_smile:

However, I’ll try the IP method, and at least I can test the app behavior on iOS.

Thanks for everything @SysKeeper :blush:

Hey @aveiper

The problem is not the self-signed certificate, the problem is what kind of certificate is used. Just have a look at the links and adjust the creation of your certificate accordingly :slight_smile:

I’ve been reading and trying, and still can’t make it work :frowning:

I would really appreciate it if you could tell me how to do it, cause I’m not getting what I’m missing :sob:

How do you generate the certificates at the moment?

With OpenSSL, I’ve tried several ways, let me know if you want the specific commands.

However, as a workaround, I used the IP instead of the domain name, so from iOS devices it’s actually possible to use the app.
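
As an added example (not part of the thread, and not code from Nextcloud or Apple): a check of `openssl x509 -noout -text` output against the certificate requirements Apple publishes for ATS and for TLS server certificates on iOS 13 and later. The thresholds come from Apple's documentation rather than from the posts above, and the sample certificate text and the host name `cloud.home.lan` are constructed.

```python
import re
from datetime import datetime

# Constructed excerpt of `openssl x509 -noout -text` output for a typical
# quick self-signed certificate (hypothetical host name, not from the thread).
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan  1 00:00:00 2023 GMT
            Not After : Dec 29 00:00:00 2032 GMT
        Subject: CN = cloud.home.lan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

def check_cert_text(text, hostname):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Thresholds below are Apple's published ones (assumption: not in the thread).
    sig = re.search(r"Signature Algorithm:\s*(\S+)", text)
    if not sig or not re.search(r"sha(256|384|512)", sig.group(1), re.I):
        findings.append("signature hash is not SHA-2")
    alg = re.search(r"Public Key Algorithm:\s*(\S+)", text)
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    minimum = 256 if alg and "ecPublicKey" in alg.group(1) else 2048
    if not bits or int(bits.group(1)) < minimum:
        findings.append(f"public key smaller than {minimum} bits")
    san = re.search(r"Subject Alternative Name:.*\n\s*(.+)", text)
    names = re.findall(r"DNS:([^,\s]+)", san.group(1)) if san else []
    if hostname.lower() not in (n.lower() for n in names):
        findings.append("host name missing from subjectAltName DNS entries")
    eku = re.search(r"Extended Key Usage:.*\n\s*(.+)", text)
    if not eku or "TLS Web Server Authentication" not in eku.group(1):
        findings.append("extendedKeyUsage lacks serverAuth")
    dates = re.findall(r"Not (?:Before|After)\s*:\s*(.+?) GMT", text)
    if len(dates) == 2:
        start, end = (datetime.strptime(d, "%b %d %H:%M:%S %Y") for d in dates)
        if (end - start).days > 825:
            findings.append("validity period longer than 825 days")
    else:
        findings.append("validity dates not found")
    return findings

if __name__ == "__main__":
    for finding in check_cert_text(SAMPLE, "cloud.home.lan"):
        print("FAIL:", finding)
```

To check a real certificate, pass the output of `openssl x509 -in cert.pem -noout -text` to `check_cert_text` together with the host name the app connects to.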