I’m serving a WebDAV/Nextcloud server from a Docker container on a single-board Armbian machine, running with letsencrypt in a separate container. Nginx v 1.16.1.
The server works fine when I access it from iOS (always via the public DNS domain, even when on the LAN, so that the certificate appears right), but not when I AirPlay to either the AppleTV (3rd gen) or the AirPort Express.
I know that the AirPlay protocol will try to “give away” the entire HTTPS stream to the AppleTV, because it works if I download the file before streaming to AirPlay (in this way the AppleTV is not communicating with my server, only the iPhone is).
Also, I have managed to get the setup working with the Charles debugging proxy as an intermediate (WebDAV -> Charles -> iOS -> Charles -> AppleTV), which replaces the SSL certificate; this leads me to believe that the certificate is the root of the problem. If I turn off Wi-Fi on the phone after the AirPlay has been initiated (directly from WebDAV), the music keeps on playing, which is another proof that the stream is transferred to the AppleTV.
I have tried to add the fullchain.pem directly to the iPhone with no success. I believe that the problem is either that the older units (AppleTV/AirPort Express) haven’t been updated to trust the Let’s Encrypt Authority X3, or that they don’t support TLS 1.2, which is the oldest version my setup supports.
The latter I deduce from the difference between the functioning public test server I’ve used and my own certificate:
Any thoughts or help?