Thanks for your suggestion – I suspected it was the self signed cert and you confirmed it. I wasn’t able to use startssl to create a cert because I’m using a dynamic address provider. So I exported my PEM cert as a CRT, installed it on my phone and everything works. For those who may be wondering, you can convert your PEM to a CRT with the following command: “sudo openssl x509 -inform PEM -outform DM -in mycertname.pem -out mycertname.crt”.
For android users, copy that CRT to your device. I connected my phone to my laptop and copied it. Then go to Settings > Security > Install From Storage and you’re all set! you might have to add a pin lock to your device if you haven’t done so already.