Oh, and this problem was documented well before the recent announcement to enable insecure connections for Tivo (and others)… which I assume is due to the expiration of the Lets Encrypt root cert expiring and not being updated on these apps.
Changing that setting so far does seem to have fixed the problem…
