Why is my TLS certificate not accepted?

If your server uses HTTPS (HTTP over TLS) and the certificate is not automatically accepted in DAVx⁵

You will always have to manually accept the certificate (either over a popup in DAVx⁵ or over the notification) if

  • it is self-signed, or
  • it is signed by a custom CA that is not on your Android phone, or
  • the "Distrust system certificates" DAVx⁵ setting is enabled.

If you're using a normal public certificate (typically issued by Let's Encrypt or a commerical certificate provider), first check whether the certificate itself is valid (issued for the correct host name, not expired, etc). Use a browser to access the HTTPS URL – if you get a certificate error, it's a certificate problem. (If you get an error message that is not a certificate error, it's not a problem.)

If the certificate is valid and works in your browser but not in DAVx⁵, the certificate chain which is sent by the server may be incomplete. Browsers include various intermediate certificates to improve compatibility, but many of these intermediate certificates are not installed by default on Android devices. Make sure that the certificate chain is complete. You can check with

  • curl https://your.server — if you get an HTTPS error, DAVx⁵ won't accept the certificate automatically, too.
  • Qualys SSL Server Test (very verbose, but only works for default port 443; have a look at the certificate chain)
  • geocerts SSL Installation Checker (works for other ports too; have a look at the certificate chain)

In some rare cases, it can also be a problem that there is no intersection of supported encryption protocols/ciphers between DAVx⁵ and the server. DAVx⁵ uses Conscrypt to provide modern encryption protocols/ciphers even for older Android devices.

You can always have a look at the verbose logs to find the exact error message from the TLS stack.