I use a self-signed certificate to access a service that I host at home. In Nixos 25.05, I wrote this in my configuration file, which worked without any problems:
security.pki.certificateFiles = [
/etc/ssl/certs/cert.pem
];
However, after updating to 25.11, I am receiving a certificate error (error: InvalidCertificate).
It is about a freshrss instance and I want to access it with the Newsflash App.
Does anyone have an idea how I can make it work again?
Can you share more of your configuration (please use a code block), and double check with the openssl command that both the cert served by your service and that .pem file match?
I checked and there wasn’t any change done to this option. The custom-ca tests are green in both master and 25.11, so it should be working. Are you sure your certificate is valid?
thanks for the quick replies! I checked the certificate again, it is the right one and also valid. It also works on other devices for this service (debian computer, android phone). I did not do any changes in the config file before this problem occurred the first time. As I said, it came with the upgrade to 25.11.
I wonder if it is some kind of sandboxing issue? I also had it when I installed newsflash over flatpak on a debian machine (installing it via snapstore worked then). I can also share more parts of the configuration, but I don’t really now what is relevant. Could you @TLATER please give more information for that?