Yea, following on what @Symbioquine said - when you “accept” the SSL certificate in your browser (to tell Chrome that you trust it, even though Chrome doesn’t recognize the issuer) - that “acceptance” only applies to the browser/session/computer you accepted it from.
Whenever a third-party application needs to connect, it will run into the same problem. This is probably why you’re having trouble in other contexts - it may not give you the option to “accept” the certificate in an APK version, and maybe the same is true in a PWA that is “installed to homescreen” (I’m not sure how the browser manages the session in that case - it may be a different session than the phone’s browser itself).
A good example of this problem is
curl, which is a command line tool for sending requests. If you have a self-signed certificate,
curl will not let you send the request, and will instead show an error that the SSL is insecure. The only way to send the request is to add the
-k flag, which says “allows insecure connections”. That’s basically what you’re doing when you “accept” it in a browser as well. Field Kit uses a library called Axios for HTTP requests, and similarly that library provides a special flag to allow insecure connections (see How to ignore SSL issues · Issue #535 · axios/axios · GitHub). Field Kit does not include this flag (nor should it). So I’m actually surprised that it worked for you in ANY context - but that just suggests to me that your browser is remembering that you accepted it, when it was done in the same computer/session/context. That’s just a guess though, and I could be missing something… in either case I think the solution is to either:
a) create a real SSL certificate
b) add the self-signed cert to your trust store (as @Symbioquine suggested)
Hope that helps!
FYI: A reverse proxy is not required. That’s just a method for serving farmOS with HTTPS, but it sounds like you’re already doing that. So I assume you either configured Apache SSL, or you already have a reverse proxy of some kind?