[BUG] Android version don't lets you enable self-signed SSL certificates #1717

New Issue

OVERLORD · 2026-02-05T03:19:45+03:00

OVERLORD commented

2026-02-05 03:19:45 +03:00

Originally created by @br4yd on GitHub (Dec 3, 2023).

The bug

It is not possible to toggle the switch in the app settings on Android to allow self-signed SSL certificates, which makes it impossible to login to the instance for some setups where a signed SSL certificate is not possible on the server side.

The OS that Immich Server is running on

Synology DSM 7.2-64570 Update 1 (Container Manager)

Version of Immich Server

v1.89.0

Version of Immich Mobile App

v1.89.0

Platform with the issue

Server
Web
Mobile

Your docker-compose.yml content

version: "3.8"

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    command: ["start.sh", "immich"]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    ports:
      - 3001:3001
    depends_on:
      - redis
      - database
      - typesense
    restart: always

  immich-microservices:
    container_name: immich_microservices
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    # extends:
    #   file: hwaccel.yml
    #   service: hwaccel
    command: ["start.sh", "microservices"]
    volumes:
      - ${UPLOAD_LOCATION}:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - .env
    depends_on:
      - redis
      - database
      - typesense
    restart: always

  immich-machine-learning:
    container_name: immich_machine_learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - ./model-cache:/cache
    env_file:
      - .env
    restart: always

  typesense:
    container_name: immich_typesense
    image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd
    environment:
      - TYPESENSE_API_KEY=${TYPESENSE_API_KEY}
      - TYPESENSE_DATA_DIR=/data
      # remove this to get debug messages
      - GLOG_minloglevel=1
    volumes:
      - ./tsdata:/data
    restart: always

  redis:
    container_name: immich_redis
    image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3
    restart: always

  database:
    container_name: immich_postgres
    image: postgres:14-alpine@sha256:28407a9961e76f2d285dc6991e8e48893503cc3836a4755bbc2d40bcc272a441
    env_file:
      - .env
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
    volumes:
      - ./pgdata:/var/lib/postgresql/data
    restart: always

Your .env content

# You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables

# The location where your uploaded files are stored
UPLOAD_LOCATION=./library

# The Immich version to use. You can pin this to a specific version like "v1.71.0"
IMMICH_VERSION=v1.89.0

# Connection secrets for postgres and typesense. You should change these to random passwords
TYPESENSE_API_KEY=some-random-text
DB_PASSWORD=XXX

# The values below this line do not need to be changed
###################################################################################
DB_HOSTNAME=immich_postgres
DB_USERNAME=XXX
DB_DATABASE_NAME=immich

REDIS_HOSTNAME=immich_redis

Reproduction steps

1. Open the mobile app on Android
2. Click on the settings gear
3. Scroll down to the last main category and expand it ("Sonstige" in German)
4. Try to enable self-signed SSL certificates. Trying to enable it does nothing or instantly disables it

Additional information

No response

Originally created by @br4yd on GitHub (Dec 3, 2023). ### The bug It is not possible to toggle the switch in the app settings on Android to allow self-signed SSL certificates, which makes it impossible to login to the instance for some setups where a signed SSL certificate is not possible on the server side. ### The OS that Immich Server is running on Synology DSM 7.2-64570 Update 1 (Container Manager) ### Version of Immich Server v1.89.0 ### Version of Immich Mobile App v1.89.0 ### Platform with the issue - [ ] Server - [ ] Web - [X] Mobile ### Your docker-compose.yml content ```YAML version: "3.8" services: immich-server: container_name: immich_server image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} command: ["start.sh", "immich"] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - .env ports: - 3001:3001 depends_on: - redis - database - typesense restart: always immich-microservices: container_name: immich_microservices image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release} # extends: # file: hwaccel.yml # service: hwaccel command: ["start.sh", "microservices"] volumes: - ${UPLOAD_LOCATION}:/usr/src/app/upload - /etc/localtime:/etc/localtime:ro env_file: - .env depends_on: - redis - database - typesense restart: always immich-machine-learning: container_name: immich_machine_learning image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} volumes: - ./model-cache:/cache env_file: - .env restart: always typesense: container_name: immich_typesense image: typesense/typesense:0.24.1@sha256:9bcff2b829f12074426ca044b56160ca9d777a0c488303469143dd9f8259d4dd environment: - TYPESENSE_API_KEY=${TYPESENSE_API_KEY} - TYPESENSE_DATA_DIR=/data # remove this to get debug messages - GLOG_minloglevel=1 volumes: - ./tsdata:/data restart: always redis: container_name: immich_redis image: redis:6.2-alpine@sha256:70a7a5b641117670beae0d80658430853896b5ef269ccf00d1827427e3263fa3 restart: always database: container_name: immich_postgres image: postgres:14-alpine@sha256:28407a9961e76f2d285dc6991e8e48893503cc3836a4755bbc2d40bcc272a441 env_file: - .env environment: POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_USER: ${DB_USERNAME} POSTGRES_DB: ${DB_DATABASE_NAME} volumes: - ./pgdata:/var/lib/postgresql/data restart: always ``` ### Your .env content ```Shell # You can find documentation for all the supported env variables at https://immich.app/docs/install/environment-variables # The location where your uploaded files are stored UPLOAD_LOCATION=./library # The Immich version to use. You can pin this to a specific version like "v1.71.0" IMMICH_VERSION=v1.89.0 # Connection secrets for postgres and typesense. You should change these to random passwords TYPESENSE_API_KEY=some-random-text DB_PASSWORD=XXX # The values below this line do not need to be changed ################################################################################### DB_HOSTNAME=immich_postgres DB_USERNAME=XXX DB_DATABASE_NAME=immich REDIS_HOSTNAME=immich_redis ``` ### Reproduction steps ```bash 1. Open the mobile app on Android 2. Click on the settings gear 3. Scroll down to the last main category and expand it ("Sonstige" in German) 4. Try to enable self-signed SSL certificates. Trying to enable it does nothing or instantly disables it ``` ### Additional information _No response_

OVERLORD closed this issue

2026-02-05 03:19:46 +03:00

OVERLORD commented

2026-02-05 03:19:51 +03:00

@shenlong-tanwen commented on GitHub (Dec 5, 2023):

Can you try reinstalling the app and check if you can toggle the button then? It can be toggled only before logging in.

@shenlong-tanwen commented on GitHub (Dec 5, 2023): Can you try reinstalling the app and check if you can toggle the button then? It can be toggled only before logging in.

OVERLORD commented

2026-02-05 03:19:56 +03:00

@br4yd commented on GitHub (Dec 7, 2023):

Tried reinstalling the app but no I still can't toggle it.

Edit: Worked after cleaning cache and user data. However IMO you should be able to toggle this setting even without doing this. It doesn't make sense from a UX perspective to make it impossible to toggle that setting without reinstalling the app. Especially because the toggle is showed as "I'm toggable".

@br4yd commented on GitHub (Dec 7, 2023): Tried reinstalling the app but no I still can't toggle it. **Edit:** Worked after cleaning cache and user data. However IMO you should be able to toggle this setting even without doing this. It doesn't make sense from a UX perspective to make it impossible to toggle that setting without reinstalling the app. Especially because the toggle is showed as "I'm toggable".

OVERLORD commented

2026-02-05 03:20:00 +03:00

@NextBlaubeere commented on GitHub (Feb 8, 2024):

I was also effected by this bug, because I changed internal domain name.

@NextBlaubeere commented on GitHub (Feb 8, 2024): I was also effected by this bug, because I changed internal domain name.

OVERLORD commented

2026-02-05 03:20:08 +03:00

@veritas06 commented on GitHub (Mar 21, 2024):

The iOS app v.1.99.0 has the same issue.

@veritas06 commented on GitHub (Mar 21, 2024): The iOS app v.1.99.0 has the same issue.

OVERLORD commented

2026-02-05 03:20:11 +03:00

@BoreasMun commented on GitHub (Mar 23, 2024):

Reinstalled the app, somehow managed to switch on this toggle, but error still persist.

Error toast message:
There was an Handshake Exception with the server. Enable self-signed certificate support in the settings if you are using a self-signed certificate.

Error log:
Failed to resolve endpoint. HandshakeException: Handshake error in client (OS Error: TLSV1_ALERT_ACCESS_DENIED(tls_record.cc:592)

Android v1.99.0

@BoreasMun commented on GitHub (Mar 23, 2024): Reinstalled the app, somehow managed to switch on this toggle, but error still persist. Error toast message: `There was an Handshake Exception with the server. Enable self-signed certificate support in the settings if you are using a self-signed certificate.` Error log: `Failed to resolve endpoint. HandshakeException: Handshake error in client (OS Error: TLSV1_ALERT_ACCESS_DENIED(tls_record.cc:592)` Android v1.99.0

OVERLORD commented

2026-02-05 03:20:16 +03:00

@jfly commented on GitHub (Jul 1, 2025):

I'm experiencing the same issue described above by @br4ydv: logging out of immich isn't enough to enable this toggle, I need to clear cache and user storage as well. This is pretty much impossible to figure out until you stumble on this thread.

IMO, this should either be enabled, or at least include an in-app explanation for why it's disabled.

@jfly commented on GitHub (Jul 1, 2025): I'm experiencing the same issue described above by @br4ydv: logging out of immich isn't enough to enable this toggle, I need to clear cache and user storage as well. This is pretty much impossible to figure out until you stumble on this thread. IMO, this should either be enabled, or at least include an in-app explanation for why it's disabled.

OVERLORD commented

2026-02-05 03:20:24 +03:00

@darunohito commented on GitHub (Oct 21, 2025):

Might be an odd workaround that doesn't require clearing the cache/storage. I'm not sure if it's repeatable yet.

Log out of the app
Check the Advanced Settings; if the option to enable self-signed certs is greyed out, close out of the app fully (I just had to swipe it off to exit)
Reopen the app and open the settings. The button magically unlocked, for whatever reason.

Perhaps the app cache remembers that it's connected to an http endpoint and doesn't allow you to enable the cert option until the cache is cleared? Not sure.

@darunohito commented on GitHub (Oct 21, 2025): Might be an odd workaround that doesn't require clearing the cache/storage. I'm not sure if it's repeatable yet. 1. Log out of the app 2. Check the Advanced Settings; if the option to enable self-signed certs is greyed out, close out of the app fully (I just had to swipe it off to exit) 3. Reopen the app and open the settings. The button magically unlocked, for whatever reason. Perhaps the app cache remembers that it's connected to an http endpoint and doesn't allow you to enable the cert option until the cache is cleared? Not sure.

Sign in to join this conversation.

Branches Tags

main

feat/asset-file-apis

chore/translations

fix/web-switch-label-clickable

fix/web-people-hidden-state

renovate/typescript-projects

release/next

fix/timezones

fix/time-zone-upserts

midzelis/wip

push-zpwsovysllvn

push-nwxlpmyzkyrl

push-nvnkszuqwppm

renovate/github-actions

push-smstsuupsowp

refactor/adaptive_image

push-olwpzvrxnomt

push-lmxsupnmxspl

renovate/machine-learning

feat/web-chromecast-video-looping

feat/use-native-clients

renovate/flutter

fix/create-face-edited

fix/mobile-ios-mtls

docs/contributing

docs/mise-mobile

renovate/grafana-monorepo

feature/bottom-buttons-order

feat/immich-mobile-ui-showcase

refactor/consolidate-image-requests

renovate/connectivity_plus-7.x

renovate/major-vitest-monorepo

renovate/pypi-python-multipart-vulnerability

fix/mobile-people-query

sqlite_thumbs

feat/html-text

chore/no-macro-validation

refactor/purchase-store

uhthomas/mobile-fix-app-bar-fade

uhthomas/mobile-fix-asset-jump

feat/pano-ocr

feat/shared-link-login

fix/database-backup-db-names

fix-keep-correct-ios-shared-album-asset

fix-memory-generation-and-display

feat/verify-permissions

refactor/album-service-small-tests

fix/ml-rocm-build

fix/flipped-dimensions-mobile

push-vpxwmwwxwnvw

fix-migration-width-height

refactor/more-queries

revert/prettier-translations

refactor/asset-service-queries

fix/locale-settings-desc

chore/add-debug-log

feat/edit-filters

shared-deep-link-handler

feat/mobile-editing

feat/thumbnail-native-clients

feat/platform-clients

feat/integrity-checks-izzy

fix/foreground-cloud-sync

feat/dynamic-layout

filter-by-person

feat/csp

refactor/sidebar

fix/disable-editing

fix/view-timeline-deeplink

image-zoom-on-slow-connection

fix-consider-dar-for-video-dimension

fix/merged-edited-assets

perf/optimize-album-sort

open-api-fix

feat/create-job-with-dto

use-toast-primary

feat/vitest-4

feat/ios-fastlane-match

match-signing

fix-update-time-update-timeline

chore/translation-keys

feat/modal-routes

feat/panorama-tiles

feature/mobile-view-asset-owner

feat/system-settings

feature/show-activity-count

better-info-in-asset-viewer

fix/all-people-count

feat/location-favorites

feature/rearrange-buttons-2

fix/download-storage-template

feat/kb-shortcuts-mobile

fix/people-count

push-qolzzzzxrvvn

chore/originals-in-asset-files

feat/asset-size-columns

ben/tree-a11y

new-search-filter-ui

refactor/expectSelectedReadonly

refactor/mobile-grdb

push-qvuktpxmkknu

feat/mobile-native-local-sync

refactor/timeline_ops

fix/scrubber_end

feat/version.txt

feat/context-menus

feat/server-chunked-uploads

refactor/virtualsegment

refactor/rename_daymonth_groups

fix/restrict-android-bg-worker

feat/android-periodic-worker

fix-remote-sync-clean-up

refactor/timeline_move_ops

renovate/mapbox-mapbox-gl-rtl-text-0.x

fix/timeline_split_selectable

feat/keyboard_actions_help_modal

feat/static_frontend

feat/notification-warnign-android

feat/plugins2

feat/plugins

test/create-workflow-token-action

fix/docs-force

debug/search-result-similarity

debug/cf-chunked-uploads

feat/eslint_rule

feat/search-filter-album/web

refactor/timeline_photostream

refactor/timelineasset_asset

feat/session-permissions

feat/timeline_photostream_assetnav

feat/timeline_minor_optimize

feat/timeline_perf_nocomp

feat/timeline_search_results_actions

feat/timeline_search_results_page

fix/timeline_padding

fix/timeline_search_reactivity_warnings

feat/timeline_scrollbar

feat/timeline_stream_withviewer

fix/timeline_back_forth_nav

refactor/timeline_photostream_component

fix/generated-files-checks

fix/locate-button-local

chore/base-image-mimalloc

refactor/timeline_assetlayout

refactor/timeline_selectable

refactor/timeline_aware_actions

refactor/timeline_monthsegment

feat/remove-old-pages

chore/deps-gradle

tmp_photostream

tmp/lcms

feat/mobile-dynamic-thumbnails

fix/mobile-finer-thumbnail-concurrency

refactor/timeline1

refactor/extract_photostream

refactor/rename_load_api

refactor/timeline2

refactor/timeline3

feat/multi-select-asset-viewer

feat-no-thumbhash-cache

refactor/asset_grid

feat/faster-access-checks

fix/18991

fix/19543

chore/temp-remove

fix/21419

feat/mobile-hdr-images

chore/update-mise-lockfile

feat/mise-server-checks

feat/mise-ci

feat/windows-2025

feat/dev_cli

refactor/mobile-migrate-clients

fix/map-theme

fix/require-checkbox

chore/use_swc

feat/efficient-thumbnail-decoding

refactor/mobile-thumbhash

refactor/mobile-thumbhash-new

fix/mobile-uncached-zoom

feat/beta-background-upload

fix/beta-timeline-memories-setting

fix/failed-uploads-not-removed

feat/mobile-shared-album

feat/groups

drift-map-page

drift-auth-user-sync

fix/disable-memory

feat/add-to-album-action

edit-date-time-action

drift-people-page

sqlite-remove-isIn

feat/inline-storage-columns

chore/required-reviewers

refact/asset-manager

fix/folder-sort

pnpm

feat/widget-multiple-server-urls

chore/medium-tests-dbname

fix/web-no-iterator-find

fix/map-pan-interruption

track-livephotos

timeline_events

chore/oxlint-migration

feat/maintenance-worker

feat/dav

chore/demo-snapshot

refactor/server-side-dedupe

feat/integrity-checks

dev/recognition-eval

lighter_buckets_test

perf/postgres-queue

postgres-queue

focus_rings

refactor/web-stores-1

refactor/add-to-taken

feat/sort-places

feat/sidecar-asset-file

vet

tmp/demo-snapshot-preview

fix/server-migration-file-extension

refactor/mobile-v2

fix/asset-update-race-condition

rknn-toolkit-lite2

refactor/mobile-split-up-search-page

feature/Add-rocm-support-for-machine-learning

feat/rocm

chore/async-hash-file

feat/shared-link-view-count

feat/rotation

feat/graphql

feat/job-ids

feat/ignore-library-permission-error

feat/docker-compose-builder

feat/kysely-typeorm

mobile/onboarding

no-video-player

fix/server-qsv-output-format

chore/server-geodata-tweaks

mobile/native-video-player-no-hero

feat/xxhash

fix/docs-concurrency

feat/preload-ml-textual-model

feat/local-tileserver

refactor/exif-orientation

original-path-infix

refactor/mobile/login-form-1

feat/server-editor-endpoints

fix/server-qsv-vbr

fix-mobile-db-problems

feat/ml-armnn-conversion

feat/mobile/backup-with-album-info

feat/fast-initial-sync-1

chore/handle-output_dims

feat/server-more-robust-generation

feat/unassign-faces

feat/shortcuts-on-asset-grid

feat/background-upload

feat/capacitor-mobile-app-poc

feat/server-nvenc-hw-decoding

release/v1.105

fix/mobile-fetch-non-archive

feat/fine-grained-access-controls

web/automation-ui

feat/mobile-server-endpoint-save-dropdown

feat/blurhash-thumbnail

object-storage

feat/memories-animations

dev/metrics

ml/tflite

feat/ml-export-cli

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: immich-app/immich#1717