Cannot connect to HTTPS homeserver with valid cert, well-known
Steps to reproduce
- Set up a self-hosted homeserver with trusted SSL certificates (Let's Encrypt).
- Add a .well-known/matrix/client entry with m.homeserver.base_url set properly to https://server:port.
- Open Element iOS and select "I already have an account".
- Edit where your conversations live, and type your server hostname.
Cannot send logs as the shake-to-log feature does not work on the login screen. Cannot determine Element iOS version because the settings menu is not accessible until logged in. Assuming 1.11.9.
Outcome
What did you expect?
Element iOS is able to proceed to the login screen. The same configuration works on the web and on the desktop app. Android not tested.
What happened instead?
Element iOS times out for several minutes before erroring with a cannot connect message.
Your phone model
iPhone 13 Pro
Operating system version
iOS 17.4.1
Application version
Cannot get to the version page; assuming 1.11.9
Homeserver
guardiansgate.games
Will you send logs?
No
```json
{
  "WellKnownResult": {
    "m.server": "matrix.guardiansgate.games:8448",
    "CacheExpiresAt": 0
  },
  "DNSResult": {
    "SRVSkipped": true,
    "SRVCName": "",
    "SRVRecords": null,
    "SRVError": null,
    "Hosts": {
      "matrix.guardiansgate.games": {
        "CName": "falchion.pilot.ninja.",
        "Addrs": [
          "47.144.68.216"
        ],
        "Error": null
      }
    },
    "Addrs": [
      "47.144.68.216:8448"
    ]
  },
  "ConnectionReports": {
    "47.144.68.216:8448": {
      "Certificates": [
        {
          "SubjectCommonName": "guardiansgate.games",
          "IssuerCommonName": "R3",
          "SHA256Fingerprint": "fuhxyA94pLihBEvjDwXdbhff7ODKqzE5FTUqhxGbbTc",
          "DNSNames": [
            "*.guardiansgate.games",
            "guardiansgate.games"
          ]
        },
        {
          "SubjectCommonName": "R3",
          "IssuerCommonName": "ISRG Root X1",
          "SHA256Fingerprint": "Z63RFmsCCuYbj1/JaBPATCqliZYHloZVcqPH5zdhPf0",
          "DNSNames": null
        }
      ],
      "Cipher": {
        "Version": "TLS 1.3",
        "CipherSuite": "TLS_AES_256_GCM_SHA384"
      },
      "Checks": {
        "AllChecksOK": true,
        "MatchingServerName": true,
        "FutureValidUntilTS": true,
        "HasEd25519Key": true,
        "AllEd25519ChecksOK": true,
        "Ed25519Checks": {
          "ed25519:a_sYTT": {
            "ValidEd25519": true,
            "MatchingSignature": true
          }
        },
        "ValidCertificates": true
      },
      "Errors": [],
      "Ed25519VerifyKeys": {
        "ed25519:a_sYTT": "AdaAhO1l9vBWLlgi8xianAU0XEsr/kYZzgegVaab5b0"
      },
      "Info": {},
      "Keys": {
        "old_verify_keys": {},
        "server_name": "guardiansgate.games",
        "signatures": {
          "guardiansgate.games": {
            "ed25519:a_sYTT": "5FaeCPwbnfT9bZzbhRdqNLNRjxM1fU6IijUNuogbWMLbV7uZ6F/hmPUDjEWtVsDUOZF1Ppxy9s85zNlLQ5ssBQ"
          }
        },
        "valid_until_ts": 1714510708251,
        "verify_keys": {
          "ed25519:a_sYTT": {
            "key": "AdaAhO1l9vBWLlgi8xianAU0XEsr/kYZzgegVaab5b0"
          }
        }
      }
    }
  },
  "ConnectionErrors": {},
  "Version": {
    "name": "Synapse",
    "version": "1.105.0"
  },
  "FederationOK": true
}
```
I have the exact same error, the federation test is also OK, web and desktop clients work fine.
My .well-known/matrix/client (censored):
```json
{"m.homeserver":{"base_url":"https://chat.example.com/"},"io.element.e2ee":{"default":false,"secure_backup_required":false}}
```
My .well-known/matrix/server (censored):
```json
{"m.server":"chat.example.com:443"}
```
The red error message is: No server found under this URL.
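The client discovery that a Matrix client runs against a .well-known/matrix/client document like the one above, as an added example (not Element's code): it fetches the document, validates m.homeserver.base_url, then confirms the homeserver answers at /_matrix/client/versions. The `fetch` callable and the response table are constructed stand-ins for the network; the outcome names follow the Matrix spec's discovery results, and the https-only rule is this example's own policy.

```python
import json
from urllib.parse import urlparse

# Models the Matrix client discovery a client runs before showing the login
# screen: GET https://<server>/.well-known/matrix/client, validate
# m.homeserver.base_url, then confirm <base_url>/_matrix/client/versions
# answers. `fetch` is a hypothetical url -> (status, body) callable so the
# flow runs offline against the constructed responses below.
def discover_homeserver(server_name, fetch):
    """Return (outcome, base_url); outcome names follow the spec's
    discovery results: SUCCESS, IGNORE, FAIL_PROMPT, FAIL_ERROR."""
    code, body = fetch(f"https://{server_name}/.well-known/matrix/client")
    if code == 404:
        return ("IGNORE", None)          # no auto-discovery offered
    if code != 200:
        return ("FAIL_PROMPT", None)
    try:
        base_url = json.loads(body)["m.homeserver"]["base_url"]
    except (ValueError, KeyError, TypeError):
        return ("FAIL_PROMPT", None)     # unparsable or missing base_url
    parsed = urlparse(base_url) if isinstance(base_url, str) else None
    # This example accepts https only; a plaintext base_url is a hard error.
    if parsed is None or parsed.scheme != "https" or not parsed.hostname:
        return ("FAIL_ERROR", None)
    base_url = base_url.rstrip("/")      # trailing slash is allowed; normalise
    code, body = fetch(f"{base_url}/_matrix/client/versions")
    try:
        versions = json.loads(body).get("versions") if code == 200 else None
    except (ValueError, AttributeError):
        versions = None
    if not versions:
        return ("FAIL_ERROR", None)      # base_url does not serve a homeserver
    return ("SUCCESS", base_url)

# Constructed responses standing in for the network. The first well-known
# document mirrors the censored one posted above, trailing slash included.
RESPONSES = {
    "https://example.com/.well-known/matrix/client":
        (200, '{"m.homeserver":{"base_url":"https://chat.example.com/"},'
              '"io.element.e2ee":{"default":false}}'),
    "https://chat.example.com/_matrix/client/versions":
        (200, '{"versions":["r0.6.1","v1.9"]}'),
    "https://nowk.example/.well-known/matrix/client": (404, ""),
    "https://plain.example/.well-known/matrix/client":
        (200, '{"m.homeserver":{"base_url":"http://chat.plain.example"}}'),
}

def fake_fetch(url):
    return RESPONSES.get(url, (404, ""))
```

Swapping `fake_fetch` for a real HTTPS client reproduces what the app does; if the first step works from a desktop but not from the phone, the difference lies on the device's network path, not in the well-known files.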
At least in my case, I found the error: iCloud Private Relay (or any other traffic-intercepting functionality on the device itself). Disabling it did the trick; after that it was possible to connect to the home Matrix server without any issues.
I have two iOS clients that have the same issue. Android, Mac, web, etc. all connect, well-known is served correctly, only iOS devices fail.