[TriLUG] [Semi-OT] iOS randomly hates my certificate
Jack Hill via TriLUG
trilug at trilug.org
Tue Aug 1 15:22:12 EDT 2023
On Tue, 1 Aug 2023, Brian via TriLUG wrote:
> Hi Gang,
>
> Tangentially related because my server is Debian! Seemingly randomly,
> my iPhone (iPhone 7, iOS 15.7.7) complains that it can't verify the
> identity of my mail server, undecidedgames.net. When I tap the button
> for details and view the certificate, there's nothing wrong with it.
> Not expired, no CN/SAN mismatch, etc., and 99 times in 100, the
> transaction with the server works just fine with no SSL errors.
>
> (Okay, this actual time it was that the certificate expired like, 30
> minutes ago...but it happens more often than that!)
>
> I'm wondering if anyone else in this group has encountered this issue
> and understands a cause or knows a solution.
Brian,
Only happening sometimes is the weird part for me. Otherwise, I think you
might be missing some intermediate cert (or have an old certificate chain;
letsencrypt updated it at some point when the root certificate they used
expired), I can reproduce it locally with webkit/libsoup browsers on Linux
that use the system's trust store. I think Chromium and Firefox had
additional trusted certs that are farther down the chain. At any rate, if
that's it, I would expect problems all the time, not intermittently.
Oh, I see now you were asking about your mail server. I only looked at
your https certificate. Maybe the same applied?
Best,
Jack
More information about the TriLUG
mailing list