In order to operate properly, most applications require a back-end API that uses HTTPS and SSL or TLS. These protocols require properly configured and maintained certificates which you can purchase from a certificate authority.
If you are setting up your own hosting for your back-end, there are a few items you should keep in mind:
- Do not use self-signed certificates. Just don't.
- Use a SSL checking tool such as this one to check that your SSL certificates are installed properly. If that works, you should be good to go.
- More detailed information can be gathered using this SSL Server Tester, but it will also take longer to run than the one linked above, but it will provide more browser by browser information.
But... It "Works" in Cordova?
Cordova will ignore SSL issues when run with a development build. This means that in development, you can use self-signed certificates and the like. This also means that you can sometimes use a server that has some kind of break in the certificate chain that raises SSL errors. The problem with this is that you spend all that time developing the application and then you go to release it and it does not work because your production server has the same issues. What you thought was going to work because it worked in development does not actually work in production.
Capacitor addresses this by keeping the environments the same. If there is some sort of problem, like self-signed certificates or a break in the certificate chain, it is going to break in development as well as production. This minimizes the chances of an "it worked in development" type of error when you do a release build.