x509: certificate has expired or is not yet valid

I have fixed the problem. The thing is that the certificate has to be installed in the system storage, as otherwise Syncthing seems to completely ignore it. Of course, in order to do so, you need to have root access, so if your Android device isn’t rooted, you’re probably out of luck (unless you’ve got a custom recovery with /system access).

The detailed steps are as follows.

  1. Download https://letsencrypt.org/certs/isrgrootx1.pem.txt.

  2. Run openssl x509 -inform PEM -subject_hash -in isrgrootx1.pem.txt (in Windows, you can use openssl.exe from MSYS2).

  3. Look for the subject of the certificate in the command output. It was 4042bcee in my case.

  4. Rename the file from isrgrootx1.pem.txt to 4042bcee.0.

  5. Copy the file to the Android device, e.g. with adb push 4042bcee.0 /sdcard/.

  6. Open the shell, e.g. with adb shell (or you can use a terminal emulator on the device itself).

  7. Switch to root, mount the /system partition as writeable, copy the certificate to the system storage, fix the permissions, then remount the partition as read-only.

    su
    mount -o rw,remount /system
    cp /sdcard/4042bcee.0 /system/etc/security/cacerts/
    chmod 0644 /system/etc/security/cacerts/4042bcee.0
    mount -o ro,remount /system
    
  8. Restart Syncthing, which should now be able to connect to relays.

The instructions are based on @Catfriend1’s link and also on a few other sources I’ve managed to find on the Internet. I’ve tested them with success on the two devices mentioned in this thread.

4 Likes
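Steps 2 to 4 of the post above with the checks scripted, as an added example that is not part of the original post. The function names, the `HASH_OPT` variable and the output directory argument are assumptions. The script refuses a file that does not parse, or a root that is outside its validity period, before naming it.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, HASH_OPT and
# the output directory argument are assumptions made for illustration.

# Hash option from step 2. The roots Android ships in
# /system/etc/security/cacerts are named with -subject_hash_old instead.
HASH_OPT="${HASH_OPT:--subject_hash}"

cert_hash() {
    openssl x509 -inform PEM "$HASH_OPT" -noout -in "$1"
}

# True only for a self-signed root whose validity window includes now.
# The output is matched because old openssl builds exit 0 even on failure.
root_is_valid_now() {
    openssl verify -CAfile "$1" "$1" 2>&1 | grep -q ': OK$'
}

# stage_ca <pem> <outdir>: check the file, then write <outdir>/<hash>.0
stage_ca() {
    pem=$1 outdir=$2
    openssl x509 -inform PEM -noout -in "$pem" 2>/dev/null || {
        echo "not a PEM certificate: $pem" >&2; return 1; }
    root_is_valid_now "$pem" || {
        echo "expired, not yet valid, or not self-signed: $pem" >&2; return 2; }
    name="$(cert_hash "$pem").0" || return 1
    mkdir -p "$outdir" && cp "$pem" "$outdir/$name" &&
        chmod 0644 "$outdir/$name" || return 1
    # Fingerprint to compare against one obtained from a trusted source.
    openssl x509 -inform PEM -noout -fingerprint -sha256 -in "$pem" >&2
    echo "$name"
}

# Run only when called with arguments, e.g.:
#   sh stage_ca.sh isrgrootx1.pem.txt ./out
if [ "$#" -ge 2 ]; then
    stage_ca "$1" "$2"
fi
```

The file written to the output directory is the one to push in step 5; the remaining steps are unchanged.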