I Don’t Know What Went Wrong
I don’t know what went wrong nor do I know why the straight forward way to fix it did not work.
We migrated from Android to iPhone nearly four years ago. Rather than use Apple’s iCloud we continued to use our own NextCloud instance. The initial setup was easy as Apple supports both CalDav and CardDav.
But I noticed recently that contacts were no longer being synchronized to my phone. A quick test showed that they are properly synchronized between my MacBook Pro and my server. And another quick test showed that calendar items using the CalDav protocol were working between the iPhone, MacBook and the server.
So the only issue was with contacts and only on the iPhone.
I don’t know when it broke as I don’t often modify my contacts. And there have been multiple updates to both my NextCloud server and to the iPhone since I was last sure it worked.
Making Things Worse
I figured the easy way to get things going again would be to remove the CardDav account from the iPhone and then re-adding it. Removal worked as advertised.
Unfortunately, I could not add it back. The principal complaint the iPhone made was that it could not make a secure connection to my server.
Wild Goose Chase
So the first check was to verify the TLS/SSL certificates on the server. They appeared to be fine. And the MacBook had no complaints about connection errors. For that matter, the iPhone didn’t either when accessing CalDav information.
After a while I decided that the SSL/TLS error message from the iPhone was erroneous and I should start looking at the actual traffic between the phone and the server.
Where is the Traffic?
When I logged into the server and started following the access and error logs I was surprised. I could see requests and responses from various devices for both CardDav and CalDav data. But when restricting the log scan to traffic from my iPhone I saw only CalDav traffic. There appeared to be no attempt to contact my server for CardDav information when setting up the CardDav account.
So the error about being unable to establish a secure connection when setting up the CardDav account was very misleading: The phone wasn’t even trying to contact the server. I had momentary doubts about the network setup (DNS, firewall, etc.) but CalDav was working with the same server URL and I could even access the CardDav information via a web browser on the same phone.
More Web Searches
Being lazy and fairly unimaginative, a big part of my “computer fix-it” process is to search the web for the solutions that others with similar problems have come up with.
Some of them noted that Apple requires a slightly different URL and that you can deal with that with a .htaccess
file in the NextCloud root directory. I checked and mine matched the suggested patterns. And CalDav needs the same setup as CardDav and CalDav was working.
Other less logical solutions were also unsuccessful. Those did not surprise me.
A Fix or Work Around
Finally, today my search turned up an Apple support page that listed the fields used for setting up CardDav access within a .mobileconfig
file. I have some experience with Apple’s mobile contiguration files because I use that for setting up my iPhone’s VPN. And I have the Apple Configurator app on my MacBook Pro that helps with the creation of these files.
It took just a minute to create a new .mobileconfig
file which contained exactly the same server and account information I had been manually entering into the phone. I know that it is exactly the same as I was copying and pasting from my KeyPass file.
Bingo! When the contacts.mobileconfig
file was loaded into the iPhone and enabled my contacts showed up. And playing around a bit shows that they are properly synchronizing with my server.
Why does it work when configured in a mobile configuration file but not when manually entered into the iPhones CardDav setup dialog boxes? I do not know.