[SOLVED] DSM Mobile with Let's Encrypt SSL not accepted on iOS 12.4

My domain is: mvsyndrive.mercervalve.net:5001 (must use port 5001)

I ran this command: NA

It produced this output: NA

My web server is (include version): Whatever drives Synology DSM Mobile.

The operating system my web server runs on is (include version): ?

My hosting provider, if applicable, is: Synology appliance
#################################################

Using Synology DSM Mobile to share files. We chose a certificate from Let’s Encrypt. It all seems to go okay. It shows trusted on desktop browsers and Android, but opening the same link on iOS 12.4 in Safari gives an untrusted certificate message. Checking the certificate, it is serving the LE certificate.

device: DS1618+
version: DSM 6.2.2-24922 Update 3

Mobile device is iPhone 7 with iOS 12.4

Ideas on why this breaks on iPhone?

Hi @netjess,

Welcome to the community forum!

Edit: Aha, I was testing port 443 instead of 5001.

Thanks @JuergenAuer


Hi @netjess

checking your port 5001 - there is a certificate - https://check-your-website.server-daten.de/?q=mvsyndrive.mercervalve.net%3A5001

But the certificate

CN=mvsyndrive.mercervalve.net | 25.06.2019 | 23.09.2019 | expires in 11 days | mvsyndrive.mercervalve.net - 1 entry

is revoked:

Revoked: The certificate is revoked.

My Windows Firefox blocks the certificate too

SEC_ERROR_REVOKED_CERTIFICATE

PS: Chrome accepts the certificate - a few hours later … may be blocked.


Testing 443 will reflect our WatchGuard firewall.

Not sure why you're showing it revoked. It does not show revoked on any of my test devices.
Also shows okay here:
https://www.sslshopper.com/ssl-checker.html#hostname=mvsyndrive.mercervalve.net:5001

On a Synology forum I found someone saying that you have to export the cert (full path and key) and import them to the device. That ain’t gonna happen.

https://community.synology.com/enu/forum/17/post/112141?reply=370490
“If you are connecting from an iPhone or iPad, you’ll need to install the certificates on the iPhone or iPad in order to get a secure connection.
Do this by exporting them (Control Panel/Security/Certificate/Export Certificates) and emailing cert.pem and chain.pem to yourself. Fetch that email from the iPhone or iPad, and select the certificates from within the email program. The iPhone or iPad will recognize them as certificates and ask you for permission to install them. Once those are installed, you can enjoy SSL connections to the NAS using DS Cloud, DS Note, etc. from the iPhone/iPad.”

Something I don’t get is, we have another server https://alertus.mercervalve.net that is accepted on the iPhone just fine.
??

Then this tool is incomplete.

https://crt.sh/?id=1645061236&opt=ocsp

PS: Now - 40 minutes later - Chrome shows the certificate as revoked.

NET::ERR_CERT_REVOKED

You were correct, sir. Reinstalled certificate and now it works on the iPhone.
https://crt.sh/?id=1876983337&opt=ocsp

Wonder why it showed okay in all my other browsers if it was revoked?

Thank you. I am going to bookmark that tool for sure.


Firefox -> revoked.

Chrome -> ok, one hour later -> revoked.

Why? I don’t know.

The “check-your-website” checks the revocation status.
