Login to self hosted nextcloud: invalid TLS certificate (though it should be trusted)

Hello everyone,

I just switched to fedora 43 (workstation with gnome) and I finally got my self hosted nextcloud instance running. Since my services are not reachable from the internet, I do have a caddy reverse proxy with a custom certificate authority.

I imported the custom root certificate with .pem format into /etc/pki/ca-trust/ and then ran the command sudo update-ca-trust. There is no error message.

But when I try to connect my nextcloud instance in gnome settings, it tells me the TLS certificate is invalid and won’t let me connect.

The certificate is trusted and HTTPS is running fine in firefox (manually imported in firefox), so I guess the issue comes from gnome settings (or the mechanism that is responsible for connecting to nextcloud) not trusting my certificate?

Can someone here help me dive deeper into this?

I think you are supposed to store the cert at /etc/pki/ca-trust/source/anchors/?

Does openssl verify -show_chain /etc/pki/ca-trust/source/anchors/<your-crt-file> show that the whole certificate chain is trusted?


P.S. This might be relevant: openssl verify returns ok but certificate is untrusted · Issue #21870 · openssl/openssl · GitHub


So you made a custom certificate for the reverse proxy, and added it to your trust store. But is the screenshot suggesting that you add an account on MS365? As this is a web service, it might not trust your certificate, and you need e.g. a LetsEncrypt certificate to get it running.

Sorry if I misunderstood what is going on.

Hi @glb, thanks for making me check the path again.

I moved the cert to /etc/pki/ca-trust/source/anchors/ and ran update-ca-trust again. Now it works perfectly fine!

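The root cause above (the anchor sat in the wrong directory, so update-ca-trust never merged it into the bundle that GNOME/GLib-TLS reads) can be checked directly rather than by trial and error. The following is an added example, not code from the thread: it fingerprints every certificate in the anchor file and confirms each one appears in the generated system bundle. It assumes the bundle path /etc/pki/tls/certs/ca-bundle.crt (the Fedora default symlink into /etc/pki/ca-trust/extracted/); the PEM blocks used for the demo are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
from pathlib import Path

# Matches each PEM certificate block; the body is base64 DER.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_fingerprints(pem_text: str) -> set:
    """Return the SHA-256 fingerprints (hex) of every certificate in a PEM text."""
    fps = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # drop line breaks, decode DER
        fps.add(hashlib.sha256(der).hexdigest())
    return fps


def anchor_in_bundle(anchor_pem: str, bundle_pem: str) -> bool:
    """True only if every certificate in the anchor file is present in the bundle."""
    anchor_fps = pem_fingerprints(anchor_pem)
    return bool(anchor_fps) and anchor_fps <= pem_fingerprints(bundle_pem)


def check_system(anchor_path: str,
                 bundle_path: str = "/etc/pki/tls/certs/ca-bundle.crt") -> bool:
    """Read the anchor you installed and the bundle update-ca-trust generated (assumed path)."""
    return anchor_in_bundle(Path(anchor_path).read_text(),
                            Path(bundle_path).read_text())


# Constructed sample data: placeholder bytes wrapped in PEM armor, not real
# certificates, so the fingerprint comparison can be exercised offline.
def _fake_pem(payload: bytes) -> str:
    b64 = base64.encodebytes(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


MY_ROOT = _fake_pem(b"constructed-home-lab-root-ca")
OTHER_CA = _fake_pem(b"constructed-public-ca")
BUNDLE_WITH_ANCHOR = OTHER_CA + MY_ROOT      # what you get after a correct update-ca-trust
BUNDLE_WITHOUT_ANCHOR = OTHER_CA             # cert dropped in the wrong directory

if __name__ == "__main__":
    print(anchor_in_bundle(MY_ROOT, BUNDLE_WITH_ANCHOR))     # True
    print(anchor_in_bundle(MY_ROOT, BUNDLE_WITHOUT_ANCHOR))  # False
```

On a real machine, run check_system("/etc/pki/ca-trust/source/anchors/<your-crt-file>") after update-ca-trust; False means the anchor was not picked up and the desktop TLS stack will still reject the proxy.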