Self-signed certificates,
the home-lab login killer.
A server that works in your desktop browser can still fail on iPhone: iOS enforces stricter transport security than a browser where you clicked past a warning. Here is what reliably works.
Last verified
01
Why the browser works and the app does not
On the desktop you accepted the certificate warning once, and the browser remembered. iOS apps go through Apple's transport security, which requires a certificate the system actually trusts: complete chain, matching hostname, valid dates. A bare self-signed certificate fails those checks before the app sees a single byte of Deck data.
02
The fix that removes the problem class: a real certificate
A free Let's Encrypt certificate on a public hostname makes every device trust your server with zero per-device setup. If your Nextcloud must stay unreachable from the internet, a DNS-01 challenge issues valid certificates without exposing anything: your reverse proxy (Caddy, Traefik, Nginx Proxy Manager) proves domain ownership through your DNS provider instead of an open port.
03
If you must keep a private certificate authority
Install your CA's root certificate on the iPhone (Settings, General, VPN & Device Management), then enable full trust for it under Settings, General, About, Certificate Trust Settings. Both steps are required; the second is the one everyone misses. The server certificate must be issued by that CA with the exact hostname you type into the app.
04
Checks before blaming the certificate
Open the server URL in Safari on the iPhone itself. Safari's error tells you which rule is broken: untrusted issuer, hostname mismatch, or expired. If Safari on the phone loads the site cleanly with a lock icon, certificates are fine and your problem is elsewhere, usually DNS or reachability.
FAQ
Practical questions
Can Deckloud just ignore certificate errors?
Does Let's Encrypt work for a LAN-only server?
Why did it stop working after months of working?
Related
Troubleshoot Nextcloud Deck, from server reachability to sync recovery.
Troubleshoot Nextcloud Deck login, sync, comments, attachments, board creation permissions, and offline recovery in Deckloud.
OpenLogin problems usually start before Deck.
Troubleshoot Nextcloud Deck login on iPhone with server URL, Login Flow v2, app passwords, and Deck app availability checks.
OpenDeckloud keeps your Deck data between your device and your server.
How Deckloud protects Nextcloud Deck data with direct server sync, iOS Keychain credentials, no relay backend, and no ad SDK.
Open