Unable to connect to vaultwarden via Bitwarden CLI #1045

Closed
opened 2026-02-04 23:43:24 +03:00 by OVERLORD · 0 comments

Originally created by @blasphemite on GitHub (Jun 8, 2021).

Subject of the issue

I'm not sure if this error originates from Bitwarden CLI or from a misconfiguration of Vaultwarden.

I created a Vaultwarden instance and tried to log in via Bitwarden CLI, but I receive the error: request to https://vault.domain.example/api/accounts/prelogin failed, reason: unable to verify the first certificate

Vaultwarden itself shouldn't be dealing with the SSL; I use Caddy as a reverse proxy in front of Vaultwarden. On Caddy, I'm serving a wildcard certificate signed by a custom Root CA. This CA is successfully added to the cert store on the Ubuntu host I'm using for Bitwarden CLI.

Again, I'm not sure if this error originates from Bitwarden CLI or from a misconfiguration of Vaultwarden.

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.21.0
  • Web-vault version: v2.19.0d
  • Running within Docker: true
  • Uses a reverse proxy: true
  • IP Header check: false (X-Forwarded-For)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.33.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": false,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.***.***/",
  "domain_origin": "*****://*****.***.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "domainplaceholder.com",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "**@**.*****************.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.*******.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "**********@**.*****************.***",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

I started Vaultwarden simply with the configuration above.

I used the bitwarden-cli binary provided on their website, configured it to my self-hosted instance, and attempted to log in, at which point I received the error.

Expected behaviour

I expected to either pass or fail the authentication based on credentials I provided.

Actual behaviour

I receive the error when logging in, irrespective of whether or not the credentials I provide are legitimate. I can enter a gibberish standard email address and a random password and I get the same error as when I enter my true email address and real password.

Troubleshooting data

Reference: starred/vaultwarden#1045
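
A way to check the situation described in this issue, added here as an example and not part of the original report or of either project: it verifies the chain the reverse proxy presents against the custom root alone, on the assumption that the CLI is a Node.js program that trusts Node's bundled CA list (extendable with `NODE_EXTRA_CA_CERTS`) rather than the Ubuntu certificate store. The helper names and the demo PKI are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; fetch_chain, verify_against_root and make_demo_pki are hypothetical helpers.

# Save every certificate the reverse proxy presents as one PEM bundle.
fetch_chain() {  # usage: fetch_chain host out.pem
  openssl s_client -connect "$1:443" -servername "$1" -showcerts </dev/null 2>/dev/null |
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$2"
  [ -s "$2" ]
}

# Verify the first (leaf) certificate in chain.pem with only root.pem as trust anchor.
# -no-CApath keeps OpenSSL from also consulting the system certificate directory,
# which approximates a client that does not read the Ubuntu store.
verify_against_root() {  # usage: verify_against_root root.pem chain.pem
  openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Constructed sample PKI (not from the issue): a custom root, a wildcard leaf it signs,
# and an unrelated root standing in for a trust list that lacks the custom CA.
make_demo_pki() {  # usage: make_demo_pki dir
  local d=$1 name
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' 'CN=unused' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  for name in root other; do
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Demo $name CA" -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null || return 1
  done
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=*.domain.example" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Real use: ./check.sh vault.domain.example /path/to/custom-root.pem
if [ $# -eq 2 ]; then
  chain=$(mktemp)
  fetch_chain "$1" "$chain" || { echo "no certificate received from $1" >&2; exit 2; }
  if verify_against_root "$2" "$chain"; then
    echo "chain verifies; for a Node.js client run: export NODE_EXTRA_CA_CERTS=$2"
  else
    echo "chain does not verify against $2: wrong root or missing intermediate" >&2
    exit 1
  fi
fi
```

If the chain verifies against the root file but the client still rejects it, the client's trust list is the missing piece; if it does not verify, the proxy's served chain or the root file itself needs attention first.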