I love the terrific new option to accept unknown certificates without major hackery. I’ve had a few situations where it didn’t work though, one of the a while back while getting rid of CAdroid and now after a certificate change.
So here’s the situation: I generated a new cert using Let’s encrypt and put it on my DAV server. Then I let my Android device(s) sync; at first you don’t see anything (no dialog, the calendars are silently not refreshed). When you go into the account settings you can see that it is permanently busy with syncing on of the accounts (I have 3 or 4). If you turn off one of the syncing accounts it will complain about an unknown certificate with the usual choices do deny, accept once, accept always. However accepting does not work; if you flick the switch the dialog will appear again ad infinitum.
But there’s a cure: remove one of the accounts with the tainted certificate and re-add it; accept always once and voilá: all affected account start synchronising again.
Again this also happened when I ditched CAdroid and my suspicion is it will happen again when the Let’s encrypt certificates expires in 90 days and I get a new one…