Okay, it looks like I'm hit with the x3-expiration (pfSense with ACME/Let's Encrypt, reverse proxy with HAProxy) https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021
For all my devices (computer, Android, etc.) it all works fine and the cert is valid, but not for my wife's iPhone.
I have done a renew of the certificate, and also rebooted both pfSense and the iPhone, but still the iPhone is refusing to accept my certificate.
At least in the browser you can bypass it, but there is no way in the app, not even if I remove it with data and reinstall, same result.
I think an iOS update might help, but she won't because it “might be slower”.
So, what now? There should be a “use untrusted server anyway” option in the app.
You’re likely sending the (now-expired) root certificate in the certificate chain, which is causing iOS to reject the connection. If this is the case, pare it down to just the intermediates necessary for the connection and it will go through.
If that is not the case, you can trust a certificate system-wide in Settings > General > About > Certificate Trust Settings. You’ll need to enable “full trust” on the certificate in question. You can load it here by getting the file to the device via AirDrop, a website, email, iMessage, etc.
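An added example, not part of the original posts: one way to check whether the chain file a proxy serves still contains an expired or self-signed (root) certificate, as the reply above suspects. It uses only the Python standard library and reads just the issuer, subject and notAfter fields; the function names and the file path argument are assumptions made for this sketch.

```python
import base64, re, sys
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Decode one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the contents of a DER SEQUENCE into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def cert_fields(der):
    """Return (issuer, subject, not_after) from one DER certificate."""
    tbs = children(children(read_tlv(der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:                  # optional explicit version field
        tbs = tbs[1:]
    issuer, validity, subject = tbs[2][1], tbs[3][1], tbs[4][1]
    tag, raw = children(validity)[1]       # second member is notAfter
    text = raw.decode("ascii")
    if tag == 0x17:                        # UTCTime carries a two-digit year
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    when = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    return issuer, subject, when

def audit_chain(pem_text, now=None):
    """Flag entries in a served chain file that are expired or self-signed."""
    now = now or datetime.now(timezone.utc)
    report = []
    for index, body in enumerate(PEM_RE.findall(pem_text)):
        issuer, subject, not_after = cert_fields(base64.b64decode(body))
        flags = []
        if not_after < now:
            flags.append("expired")
        if issuer == subject:
            flags.append("self-signed root, omit from chain")
        report.append({"index": index, "not_after": not_after, "flags": flags})
    return report

if __name__ == "__main__":
    # The caller supplies the path of the chain file the proxy serves.
    with open(sys.argv[1]) as fh:
        for row in audit_chain(fh.read()):
            print(row["index"], row["not_after"].isoformat(), ", ".join(row["flags"]) or "ok")
```

Run it against the full-chain PEM the reverse proxy is configured to present; any entry that is not reported as `ok` is a candidate for removal from the served chain.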
In my case, I had been using DuckDNS but later switched to Nabu Casa, so when the certs expired, app logins quit working. All I had to do was remove or comment out (#) the lines in the configuration.yaml file in the http: area that pointed to the files, then reboot the machine. Only took me 2 days to figure out this 10 second fix…
http: