Nextcloud only with http

Bug Reports
#1

REPRODUCIBILITY (% or how often): 100%
BUILD ID = OS VERSION (Settings > About product): 4.0.1.48
HARDWARE (XA2, Xperia 10…): Xperia 10
UI LANGUAGE: DE
REGRESSION: (compared to previous public release: Yes, No, ?): No

DESCRIPTION:

Nextcloud Account in Sailfish UI fully works via http but not via https

PRECONDITIONS:

Fresh Nextcloud Account & Fresh Nextcloud Instance with Apache 2.4 & Fresh Nextcloud User

PRODUCE:

If I am setting up a Nextcloud Account using no encryption ( http://mydomain.com) everthing
works fine.
If I am setting up the Account using https, Galerie is not showing the nextcloud folder .
Backup is showing : unable to connect to server.
but i am still able to upload images via Galerie --> sharing --> nextcloud-account --> Photos

Nextcloud Andriod app works fine with https://mydomain.com

What coul’d be wrong ? I would like to have the Backup function and Galerie folder for nexcloud.

EXPECTED RESULT:

Both Account creations should behave the same, regardless of whether https or http.

ACTUAL RESULT:

Described above

ADDITIONAL INFORMATION:

(Please ALWAYS attach relevant data such as logs, screenshots, etc…)

#2

This is definitely not the case with my instance of Nextcloud, are you sure your certificate is OK and you have included the full chain in your webserver configuration?
Could you dig journal logs? They ought to say whether you are having an SSL issue. Also, you could configure SFOS to ignore SSL errors, which would demonstrate that your certificate is not configured properly.
As for Android, well, I have no idea. I wouldn’t trust that as a reference.

#3

Hey Gabriel
Thanks a lot for your answer.
Indeed the fullchain had to be included in Apache.
I still couldn’t understand because I had configured the chain, key and crt files.
Calendars on the Nextcloud I could import via the separate CalDav accounts in Sailfish OS.
Https via browser had also worked.
Well, thanks for the quick help & best regards
Stephan

#4

Glad it got resolved, you could mark this thread as solved (somehow :slight_smile: ).
And, yes, it seems like some clients make a better effort at validating a TLS connection than others, or highly depends on the underlying libraries they utilise.
Personally, I always include the full chain as it seems to make everybody happy.