I have saved and then followed these steps for installing a certificate once it has been sent to a iOS 13.7 iPhone (in my case I used iCloud storage and the Files app to get the certificate onto the device.
After these steps have been completed you should be able enable trust for this certificate like this.
I have also used the iMazing profile editor to create a profile with the auto generated self signed wildcard certificate in case that made a difference.
In all cases the certificate doesn't show up under the "Enable full trust for root certificates" heading on the Settings > General > About > Certificate Trust Settings screen.
Apple published new requirements for certificates that can be trusted in iOS 13 and above.
All of the first set of requirements appear to be met but the last section's bullets appear to be where the problems are:
Additionally, all TLS server certificates issued after July 1, 2019 (as indicated in the NotBefore field of the certificate) must follow these guidelines:
- TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
- TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
At present it appears that it is not possible for an updated iOS device to trust the automatically generated self signed certificate created by Cloudron.
This blog article provides steps that work, part of the issue being the requirement to have a separate CA cert that is then used to generate the TLS Web Server Authentication cert that ultimately is used for the tls connections.
Beyond that it also appears that the 10 year life time on the certificate would have to be reduced to 825 days or less (~2.26 years).