Web browsers accept my Nextcloud's SSL certs, Nextcloud clients don't

Hi there,
I have a rather odd problem where Firefox (desktop Linux and Android) and Chromium accept the Let’s Encrypt SSL certificate associated with my Nextcloud subdomain, but every client I’ve tested (Desktop Linux, Android, ownCloud Notes, own Note ) all refuse to recognize the certificate with various error messages:

ownCloud News for Android says: “Trust anchor for certification path not found”

Nextcloud desktop says: “The issuer certificate of a locally looked up certificate could not be found
No certificates could be verified”

Nextcloud Android says: “The server certificate is not trusted”

I’ve confirmed the certificate fingerprints are the same in all cases, yet the browsers all accept it and the apps all reject it (even when two are on the same device, eg FIrefox for Android and Nextcloud Android app).

Any ideas @Andy / @LukasReschke / anyone else?

1 Like

I am not to much into certificates.
@oparoz any idea? You are the expert on this I think.

Would be helpful if you post some Information about the system on which Nextcloud is running on.

Maybe a URL would be Helpful so we can see the Certificate.

Did you install the Certificate with Let’z Encrypt’s Certbot?
If yes. Did you run a “service apache2 restart” afterwards.

Do you use the same url in the Clients as in the Browser?

Maybe your Windows System has stored an old Zertificate for this Website in his own Storage.
Open certmgr.msc in a runbox and search for it.

Afterward uninstall all clients, restart system and reinstall clients.

OK, I got it figured out. I was installing the certificate/key manually, and it turned out that I used cert.pem that CertBot generates where I should have been using fullchain.pem instead. I fixed that, restarted nginx and now everything works perfectly on all clients.

Thanks for your help @Andy / @Andrew_Middleton and hopefully this post helps someone else out in the future. :slight_smile: