Describe the issue
When attempting to log in with an Apple ID on Fedora Linux (and likely other non-Debian-based distros like Arch, openSUSE, etc.), the login gets stuck at "Logging in..." indefinitely. The app does not crash -- it just hangs with no error displayed to the user.
Root cause: rustls_platform_verifier looks for CA root certificates at the Debian/Ubuntu path /etc/ssl/certs/ca-certificates.crt. On Fedora (and other RPM-based distros), this file does not exist. The CA bundle is located at /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem instead.
Because no CA certificates are loaded, all HTTPS requests silently fail (including connections to the anisette server ani.sidestore.io and Apple's gsa.apple.com), causing the login to hang forever.
From the log file:
WARN rustls_platform_verifier::verification::others: Error loading CA root certificate: failed to read PEM from file: No such file or directory (os error 2) at '/etc/ssl/certs/ca-certificates.crt'
ERROR panic: panic captured thread="tokio-runtime-worker" location="...isideload-0.2.20/src/anisette/remote_v3/mod.rs:48" called `Result::unwrap()` on an `Err` value: reqwest::Error { kind: Builder, source: General("No CA certificates were loaded from the system") }
Workaround: Create a symlink so rustls can find the CA bundle:
sudo ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/ssl/certs/ca-certificates.crt
After creating this symlink and restarting iloader, the log shows:
DEBUG rustls_platform_verifier::verification::others: Loaded 146 CA root certificates from the system
INFO isideload::anisette::remote_v3: Provisioning successful
INFO isideload::auth::apple_account: Initial login successful
Suggested fix: The SSL_CERT_FILE environment variable or the rustls-native-certs crate could be used to discover CA certificates on any Linux distro, rather than relying on a hardcoded Debian-specific path. Alternatively, the RPM .spec file could add a dependency on ca-certificates and check multiple common paths:
/etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu)/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (Fedora/RHEL/CentOS)/etc/ssl/ca-bundle.pem (openSUSE)/etc/ssl/certs/ca-bundle.crt (older RHEL)
Error message
No error is displayed in the UI -- the login just hangs at "Logging in..." forever. The error is only visible in the log file:
WARN rustls_platform_verifier::verification::others: Error loading CA root certificate: failed to read PEM from file: No such file or directory (os error 2) at '/etc/ssl/certs/ca-certificates.crt'
ERROR panic: panic captured thread="tokio-runtime-worker" location="/home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/isideload-0.2.20/src/anisette/remote_v3/mod.rs:48" called `Result::unwrap()` on an `Err` value: reqwest::Error { kind: Builder, source: General("No CA certificates were loaded from the system") } backtrace=disabled backtrace
Computer OS
Fedora Linux 44 (KDE Plasma)
iloader version
v2.0.11
What distribution of iloader did you download?
.rpm (Linux)
Please certify that if you use Windows, you have iTunes or Apple Mobile Devices installed, or if you use Linux, you have usbmuxd installed.
iOS Version
26.3
Phone model
iPhone 16 Pro
Please certify the following about your iPhone/iPad:
Do you have a paid or free developer account?
Free
Two-factor auth (2FA) type
Trusted Device
Describe the issue
When attempting to log in with an Apple ID on Fedora Linux (and likely other non-Debian-based distros like Arch, openSUSE, etc.), the login gets stuck at "Logging in..." indefinitely. The app does not crash -- it just hangs with no error displayed to the user.
Root cause:
rustls_platform_verifierlooks for CA root certificates at the Debian/Ubuntu path/etc/ssl/certs/ca-certificates.crt. On Fedora (and other RPM-based distros), this file does not exist. The CA bundle is located at/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.peminstead.Because no CA certificates are loaded, all HTTPS requests silently fail (including connections to the anisette server
ani.sidestore.ioand Apple'sgsa.apple.com), causing the login to hang forever.From the log file:
Workaround: Create a symlink so rustls can find the CA bundle:
After creating this symlink and restarting iloader, the log shows:
Suggested fix: The
SSL_CERT_FILEenvironment variable or therustls-native-certscrate could be used to discover CA certificates on any Linux distro, rather than relying on a hardcoded Debian-specific path. Alternatively, the RPM.specfile could add a dependency onca-certificatesand check multiple common paths:/etc/ssl/certs/ca-certificates.crt(Debian/Ubuntu)/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem(Fedora/RHEL/CentOS)/etc/ssl/ca-bundle.pem(openSUSE)/etc/ssl/certs/ca-bundle.crt(older RHEL)Error message
No error is displayed in the UI -- the login just hangs at "Logging in..." forever. The error is only visible in the log file:
Computer OS
Fedora Linux 44 (KDE Plasma)
iloader version
v2.0.11
What distribution of iloader did you download?
.rpm (Linux)
Please certify that if you use Windows, you have iTunes or Apple Mobile Devices installed, or if you use Linux, you have usbmuxd installed.
iOS Version
26.3
Phone model
iPhone 16 Pro
Please certify the following about your iPhone/iPad:
Do you have a paid or free developer account?
Free
Two-factor auth (2FA) type
Trusted Device