Certificate chain works on all clients except iOS since update to security fix iOS 18.1.1. iOS now rejects the certificate. The reason is not clearly stated in the error message.
Does anyone experience the same problem? Any ideas? Certificate still works with iOS versions up to 18.1 and a variety of macOS, Windows, Debian GNU/linux, Ubuntu MUAs including offlineimap, Thunderbird, Outlook, etc.
Have you tried Apple’s iOS forums or Apple’s iOS support channels?
After all it’s Apple’s change that produced the issue.
My iPhone is on 18.1.1, and my mail server is using a Let's Encrypt cert. No problems here. Perhaps if you'd share the error message and the hostname in question, we could find something.
Wouldn't shock me if it's something along the lines of the server not sending the right intermediate (or a similar problem that clients can sometimes work around), and a change in the OS (or just the update clearing a cache or the like) means that the client is no longer figuring out how to work around the misconfiguration.
Just a wild guess, but it's hard to know more without the hostname & port or an actual trace of the connection attempt.
I had the same problem - "Unable to create a secure connection to the server ("bad certificate format" -9,808)" on iPhone after upgrade to iOS 18.1.1.
After much fiddling with the certificate, and despite what it says in the error message it appears to be nothing to do with the certificate - instead it appears that iOS now requires TLS1.2 which my server did not support.
As an emergency kludge ahead of upgrading the server, I used stunnel to put a TLS1.2-capable front end on the existing IMAP server.