SSL certificate rejected by NextCloud desktop app, accepted by browser

I have a NextCloud install on a small centOS server running perfectly for months. SSL certs are provided by Let’s Encrypt and renewed without problem.

Today there was a renewal, and the new cert is accepted by Mac browsers (I can access NC as usual) but it is rejected by the macOS Nextcloud desktop app: “The issuer certificate of a locally looked up certificate could not be found”

Seems linked to the new intermediate (“R3”) of Let’s Encrypt certs. But why is the problem specific to the Nextcloud desktop app?
Any idea welcome.

Same problem for my Debian 10 server running Nextcloud 20 with letsencrypt SSL.

  • MacOS desktop client complains about the certificate.
  • Android client can’t synchronize.

On December 15th, the certbot-auto script was deprecated.
I do not know if this is linked.

I can confirm - this is a bad issue. I rolled back my old but not yet expired certificate which gives me a few days until in breaks again.

Does anyone know whether the nextcloud developers are aware of this issue?

I stepped onto this just today. Our Windows clients are showing certificate issues, which could be related to the expiring letsencrypt intermediate certificates. But those clients are recent Windows 10 machines.

So any idea how to solve this other then just confirming this?

Probably has something to do with which certificates the various programs are using. Your operating system will have a set of certificates that can be used, and some software you install will come with its own set for it to use itself.

So say for example that your OS has out of date certificates and that the NC “desktop application” uses those, then it will have a certificate failure. Now the other situation may be that you have a web browser, for example firefox, which bundles its own certificates and therefore will work as expected.