Bypass invalid certificate on the iOS app?

Okay, it looks like I'm hit with the X3 expiration (pfSense with ACME/Let's Encrypt, reverse proxy with HAProxy)
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021
For all my devices, computer, Android, etc., all works fine and the cert is valid, but not for my wife's iPhone.
I have done a renew of the certificate, and also rebooted both pfSense and the iPhone but still the iPhone is refusing to accept my certificate.
At least in the browser you can bypass it, but there is no way in the app, not even if I remove it with data and reinstall, same result.

I think an iOS update might help, but she won't because it “might be slower”.

So, what now? There should be a “use untrusted server anyway” option in the app.

You’re likely sending the (now-expired) root certificate in the certificate chain, which is causing iOS to reject the connection. If this is the case, pare it down to just the intermediates necessary for the connection and it will go through.

If that is not the case, you can trust a certificate system-wide in Settings > General > About > Certificate Trust Settings. You’ll need to enable “full trust” on the certificate in question. You can load it here by getting the file to the device via AirDrop, a website, email, iMessage, etc.
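To check what the answer above describes, this added example (not from the thread or from the Home Assistant or pfSense projects) lists every certificate in a PEM bundle such as the `fullchain.pem` mentioned in this thread and flags entries that are expired or are self-issued roots. The function name `audit_chain` and its output format are assumptions of this example, and it requires the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example. audit_chain BUNDLE [SECONDS]
# Prints one line per certificate, in the order the server would send them:
#   index|status|subject|issuer|notAfter
# status: OK, EXPIRED (no longer valid SECONDS from now; default 0 = now),
#         ROOT (self-issued: subject equals issuer), or EXPIRED,ROOT.
audit_chain() {
  ac_bundle=$1
  ac_horizon=${2:-0}
  ac_dir=$(mktemp -d) || return 1
  # Split the bundle into one file per certificate, ignoring text between blocks.
  awk -v d="$ac_dir" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = d "/" n ".pem"; on = 1 }
    on { print > f }
    /-----END CERTIFICATE-----/ { on = 0; close(f) }
  ' "$ac_bundle"
  ac_i=1
  while [ -f "$ac_dir/$ac_i.pem" ]; do
    ac_pem="$ac_dir/$ac_i.pem"
    ac_subj=$(openssl x509 -in "$ac_pem" -noout -subject -nameopt RFC2253)
    ac_iss=$(openssl x509 -in "$ac_pem" -noout -issuer -nameopt RFC2253)
    ac_end=$(openssl x509 -in "$ac_pem" -noout -enddate)
    ac_subj=${ac_subj#subject=}
    ac_iss=${ac_iss#issuer=}
    ac_status=
    # -checkend exits non-zero when the certificate is not valid N seconds from now.
    openssl x509 -in "$ac_pem" -noout -checkend "$ac_horizon" >/dev/null ||
      ac_status=EXPIRED
    # A self-issued entry is a root; clients use their own trust store for roots,
    # so this is the entry the answer suggests dropping from the served chain.
    if [ "$ac_subj" = "$ac_iss" ]; then
      ac_status=${ac_status:+$ac_status,}ROOT
    fi
    echo "$ac_i|${ac_status:-OK}|$ac_subj|$ac_iss|${ac_end#notAfter=}"
    ac_i=$((ac_i + 1))
  done
  rm -rf "$ac_dir"
}

# Run as a script: sh audit_chain.sh /ssl/fullchain.pem [seconds]
[ "$#" -eq 0 ] || audit_chain "$@"
```

Passing a second argument such as `2592000` (30 days) also flags certificates that are still valid but due to expire within that window.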

Thanks, however I got it working by deleting this one and rebooting pfSense :slight_smile: Working now.

@flemmingss I had the same issue as you, but after renewing the certificate I have this error on my wife's iPhone: NSURLErrorDomain error -1202

Did you have the same?

Yes, I think it was the same. Are you running pfSense?

nope, straight http server from HA, ssl path in yml config

network port binding from docker

Any solution found? I seem to have the same. Running my own HA, but no possibility to get the iOS app running. iOS 15.1.

Nope :frowning: For a time it worked with Chrome on iOS by choosing to bypass the warning message, but even this does not work anymore.

In my case, I had been using DuckDNS but later switched to Nabu Casa, so when the certs expired, app logins quit working. All I had to do was remove or comment out (#) the lines in the configuration.yaml file in the http: area that pointed to the files, then reboot the machine. Only took me 2 days to figure out this 10 second fix…
```yaml
http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
```