@Rado1, your server redirects .lock to .lock/, which is useless, but it does it anyway. This causes an issue in Joplin (in iOS for sure but maybe in Android) too because when a request is redirected, the underlying network stack doesn’t forward the auth headers.
You might want to try the latest version 311, which fetches .lock/ directly, to see it solves your problem: