From what I understand, it’s the phone itself that fails to access or validate the CA certificate trust store, so it doesn’t even attempt an HTTPS connection.
The firmware might be referencing a CA path that doesn’t exist or isn’t accessible.
The certificate file could be present but have incorrect permissions.
The CA bundle might be missing or corrupted within the firmware.
…
So the error seems to originate from how the phone handles certificate validation internally.
I also tried downgrading to the November/December firmware version, but that doesn’t seem to be supported.
That previous thread was also mine—I had been troubleshooting SIP-TLS at the time, which was a new configuration I was experimenting with. I never really understood whether Malcom’s reply was meant to help resolve the issue, and unfortunately, that discussion ended without a solution.
Later on, I opened a separate thread focused specifically on HTTPS provisioning. Unlike SIP-TLS, HTTPS provisioning had worked in the past—at least as far as I can recall—so I felt it deserved dedicated attention.
I really hope Sangoma can finally step in with meaningful input and a resolution. We’re talking about their flagship phones, and this issue has been dragging on for over five months. Every small step forward has come from my own testing and analysis.
It sounds to me as though the phone doesn’t trust ZeroSSL. Normally you would fix that by installing the root CA used by ZeroSSL, and any intermediate certificates that your server is not volunteering. Not having used the phone, I don’t know the procedures for doing that.