iOS 26: "TLS failed with error: -9808"

Our app server is having a TLS-related issue with the new iOS 26 (it works with iOS 18 and below).

When opening the domain URL in the iPhone Safari browser with iOS 26, it shows the error below:

We followed the instructions from this link (https://support.apple.com/en-sg/122756), to run the following command: nscurl --tls-diagnostics https://test.example in Terminal app. It shows TLS failed with error: -9808

Could anyone please help explain what exactly the issue is with our server certificate, and how we should fix it? Thanks so much!

Sorry, I'm not a network expert, but ChatGPT helped analyse the certificate and reported it's "missing full chain" - The chain is "leaf + intermediate only", while it's supposed to be "leaf + intermediate + root".

While I have forwarded this to our network team, is there any way to bypass it from the app as a temp fix? Thanks!

Is this server available on the public Internet? If so, can you share the host name?


Oh, and just to be clear:

The chain is "leaf + intermediate only", while it's supposed to be "leaf + intermediate + root".

That is, as I’ve come to expect from LLMs, nonsense. The TLS specs are very clear that the server is not required to include the root. Specifically, RFC 8446 says:

Because certificate validation requires that trust anchors be distributed independently, a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates.

Earlier TLS RFCs had similar wording.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

We had some other findings.

So we had 3 testing phones upgraded to iOS 26 public beta previously, and encountered this issue. Then we tried to upgrade to iOS 26 official and this issue persisted.

Yesterday we tried rebooting the phones above; 2 of them are working while the other one still is not.

We also upgraded 2 more iPhones directly from iOS 18 to iOS 26 OFFICIAL, and everything works fine.

So I'm suspecting this might be something related to iOS 26 beta.

Any input would be appreciated. Thanks!

Thanks for sharing the server URL. That allowed me to immediately reproduce the problem.

I have a theory as to what’s going on here. On your various iOS 26 devices, please go to Settings > General > About > Certificate Trust Settings and note down the Trust Asset Version. For example, on my test device that reproduces the problem I see 1007.

Please let me know what values you see for each of your test devices, and whether that value correlates to things failing or working.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for the investigation! I have checked all devices we have and confirmed the problematic ones are all on Trust Asset Version 1007, while the working ones are on version 1009.

Accepted Answer

Thanks for that.

I believe you’re hitting the same underlying issue as the person in this thread [1]. The issue will go away as devices update to 1009.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Although the specific details are different because you’re using a different CA.
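
The two findings in this thread (the server may omit the root per RFC 8446, and the outcome depended on the client's trust store version) can be reproduced offline with OpenSSL. This is an added example, not part of the thread: the PKI, file names and helper functions are all constructed for the demo, and the "other" root is an assumed stand-in for a client trust store that lacks the issuing root.

```shell
#!/usr/bin/env bash
# Added example: throwaway PKI; every name, key and file here is constructed.
set -u

issue() {  # $1 = new cert name, $2 = issuer name, $3 = extension section
  openssl req -new -newkey rsa:2048 -nodes -config x.cnf -subj "/CN=Constructed $1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -extfile x.cnf -extensions "$3" -days 30 -out "$1.pem" 2>/dev/null
}

make_pki() {  # $1 = empty directory; the shell stays in it afterwards
  cd "$1" || return 1
  cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:test.example
EOF
  # Two self-signed roots: "root" issues the chain, "other" is unrelated.
  for r in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -config x.cnf -extensions ca \
      -subj "/CN=Constructed $r CA" -keyout "$r.key" -out "$r.pem" -days 30 2>/dev/null
  done
  issue int root ca      # intermediate CA signed by root
  issue leaf int leaf    # server certificate signed by the intermediate
  cat int.pem root.pem > int_plus_root.pem
}

# verify_chain TRUST_STORE SERVER_EXTRAS: exit 0 if leaf.pem validates.
# TRUST_STORE is what the client trusts; SERVER_EXTRAS is what the server sent.
verify_chain() { openssl verify -CAfile "$1" -untrusted "$2" leaf.pem >/dev/null 2>&1; }

demo() {
  make_pki "$(mktemp -d)" || return 1
  verify_chain root.pem  int.pem           && echo "root trusted, server sends leaf+int:      OK"
  verify_chain other.pem int.pem           || echo "root not trusted, server sends leaf+int:  FAIL"
  verify_chain other.pem int_plus_root.pem || echo "root not trusted, server also sends root: FAIL"
}
demo
```

The third case shows why appending the root to the served chain would not have helped: a root the server sends is untrusted input, and only the client's own anchors decide the result.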
