Tom42,
I saw it solved the problem for one user but did not link it directly to Apple… getting a valid SSL cert running on small home server is either costly or a PITA. The only game in town on the cheap is Letsencrypt. Which from pasted experience is not simple to do.
Thank you for your observation and putting 2 & 2 together for me.
I can confirm, iPhones stopped synching CardDav and CalDav via Davical to our Office 2016 based backend after the IOS 12 upgrade.
At first we leaned towards an Apache2 issue, but after reading your notes here our focus has changed to IOS 12.
Our actual error is " AH01630: client denied by server configuration: /var/www/html/" this is an Apache2 error. It suggests that the server is configured incorrectly and is denying the client.
But it makes more sense that it’s Apple mangling the credentials to the server since all none iPhone IOS 12 clients are synching fine.
Hope this helps someone. Will provide update if we have success going the route of applying ssl certs to the connection.
Here is what I learned: Synchronisation (CalDAV & CardDAV) from Owncloud to IOS 10 (maybe even 11) works just fine without SSL (https), but in IOS 12 it does not. But if the connection supports SSL, it works just fine. What is a bit misleading on Apples part here, that even in IOS 12 it lets you choose between unencrypted and encrypted, without informing that the first just won’t work.
What I use: OC 10.0.9.5 on a Strato hosted server.
I entered as credentials in IOS just the domain to where Owncloud is located, not the full path, even though it says so in the out of date User Manual here:
So if I just use as server: “example.com” IOS will find the full path by itself, IF that domain is being redirected to the folder in which OC in located in. It did NOT work with “example.com/owncloud”
And remember, it is important that there is a working SSL certificate assigned to the domain “example.com”.
Any suggestions what to do if you don’t use a hosted/public OC server? Mine is at home and inaccessible from the Internet, so any CA can’t validate the cert request, which means no “official” ssl cert.
For my use case, it is sufficient if the synchronisation happens only in my private network and this can happen unencrypted from my point of view
Did any of you try https with a self-signed certificate?
Self-signed certificates work.
iOS will prompt a warning that the certificate is not trusted. Check the details and if you’re convinced its your certificate, trust it.
Warning: We lost all calendar entries from the iOS device that had not been synced to Owncloud! Back them up somewhere else before the first https synchronization
Now, let’s see when Apple/Google/Mozilla stop accepting self-signed certs…
Alex
i refused to put ios12 on my devices for some time for exactly the reason that some unpredictable undocumented features suddenly appear. however this is what works for me
IOS 9.3.5 (very old IPad mini) & IOS 11.4.1 (IPhone SE) & Owncloud 10.0.8.5 & working letsencrypt ssl-certificate
https://[your server address]/remote.php/caldav/principals/[your user name]/
I have found this server address syntax on my old mini IPad and gave it a try. To my surprise this worked, after trying all the stuff on the outdated documentary.
Update on 9/18/2019 - still not able to make ios connect - what I’ve notices is that CalDavSync (what I’ve been testing with on Outlook) shows owncloud.log entries that use PROPFIND and iOS seems to use the same things with “REPORT” as a method. Is it possible that somehow that is confusing things?
I certainly have and here are the generalized details about the certificate below. Can you tell me why iOS would find that insufficient? Certificates are issued by cPanel and backed by Sectigo (Formerly known as Comodo). All of their certificates are accepted by Apple, according to the VPS provider. I checked the site with this: https://www.sslshopper.com/ssl-checker.html#hostname=blackholeinc.net
Please don’t just tell me to get another - can you help me understand why this one wouldn’t be sufficient?
In order to log into the site from a browser, https is required and the site shows SSL required.
I’m unable to login to blackholeinc.net without using SSL. I do not know how to force it to not let you try http://blackholeinc.net. I’d adjust that if you can provide guidance.
That’s informative. I modified the top level .htaccess in my public_html directory and it still lets me get to http://blackholeinc.net (although logins do not work). When I go to https://blackholeinc.net I can successfully log in.
Since blackholeinc.net live below public_html (in 2817f/bhi) I modified that .htaccess file as well. There was already some existing rewrite rules, but they appeared to be for other things. I added the https rewrite in the “custom” section. However, it still behaves as above.
More ideas or direction? What should I be looking for in the logfile?
I appreciate the help as this part of web maintenance is still very new to me.