starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2025-12-10 17:23:04 +03:00
Code Issues 429 Packages Projects Releases 10 Wiki Activity

Error when logging in bitwarden using Android client. #1563

New Issue
Closed
opened 2025-10-09 17:19:51 +03:00 by OVERLORD · 4 comments
OVERLORD commented 2025-10-09 17:19:51 +03:00
Owner
Copy Link

Originally created by @benzBrake on GitHub.

Subject of the issue

Cannot loggin to my bitwarden server with Bitwarden Android 2.6.0 with error message Exception Message: Chain validation failed.

Your environment

  • Bitwarden_rs version: Docker image id 4f627c5a63f0
  • Install method: Docker
  • Clients used: Bitwarden Android 2.6.1
  • Reverse proxy and version: Caddy 1.0.4
  • SSL certificate: Let's Encrypt Elliptic Curve 256 2020-12-08
  • Other relevant information: I tried to logging on my iPad, there's no problem.

Steps to reproduce

Using docker-compose, my config is

  bitwarden:
    image: bitwardenrs/server 
    container_name: bitwarden
    restart: always
    volumes:
      - /data/bitwarden:/data/bitwarden
    env_file:
      - /data/bitwarden/config.env

Conent of config.env

SIGNUPS_ALLOWED=false
DOMAIN=http://localhost
DATABASE_URL=/data/bitwarden/database.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true

I'm using caddy 1.0.4 for reserve proxy.
Config of caddy

mydomain {
    tls webmaster@mydomain
    #rewrite / {
    #    if_op or
    #    if {>User-Agent} not_has "Bitwarden"
    #    if {>User-Agent} not_has "Waterfox"
    #    to /404.html
    #}
    proxy /notifications/hub/negotiate bitwarden:80 {
        transparent
    }
    proxy /notifications/hub bitwarden:3012 {
        websocket
    }
    proxy / bitwarden:80 {
        transparent
    }
}

Expected behaviour

Actual behaviour

Relevant logs

Originally created by @benzBrake on GitHub. <!-- # ### NOTE: Please update to the latest version of bitwarden_rs before reporting an issue! This saves you and us a lot of time and troubleshooting. See: https://github.com/dani-garcia/bitwarden_rs/issues/1180 # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/obfuscate personal and confidential information, such as names, global IP/DNS addresses and especially passwords, if necessary. --> ### Subject of the issue Cannot loggin to my bitwarden server with Bitwarden Android 2.6.0 with error message `Exception Message: Chain validation failed`. ### Your environment <!-- The version number, obtained from the logs or the admin diagnostics page --> <!-- Remember to check your issue on the latest version first! --> * Bitwarden_rs version: Docker image id 4f627c5a63f0 <!-- How the server was installed: Docker image / package / built from source --> * Install method: Docker * Clients used: Bitwarden Android 2.6.1 * Reverse proxy and version: Caddy 1.0.4 * SSL certificate: Let's Encrypt Elliptic Curve 256 2020-12-08 * Other relevant information: I tried to logging on my iPad, there's no problem. ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start bitwarden_rs? --> Using docker-compose, my config is ``` bitwarden: image: bitwardenrs/server container_name: bitwarden restart: always volumes: - /data/bitwarden:/data/bitwarden env_file: - /data/bitwarden/config.env ``` Conent of config.env ``` SIGNUPS_ALLOWED=false DOMAIN=http://localhost DATABASE_URL=/data/bitwarden/database.db ROCKET_WORKERS=10 WEB_VAULT_ENABLED=true ``` I'm using caddy 1.0.4 for reserve proxy. Config of caddy ``` mydomain { tls webmaster@mydomain #rewrite / { # if_op or # if {>User-Agent} not_has "Bitwarden" # if {>User-Agent} not_has "Waterfox" # to /404.html #} proxy /notifications/hub/negotiate bitwarden:80 { transparent } proxy /notifications/hub bitwarden:3012 { websocket } proxy / bitwarden:80 { transparent } } ``` ### Expected behaviour <!-- Tell us what should happen --> ### Actual behaviour <!-- Tell us what happens instead --> ### Relevant logs <!-- Share some logfiles, screenshots or output of relevant programs with us. -->
OVERLORD added the better for forum label 2025-10-09 17:19:51 +03:00
OVERLORD commented 2025-10-09 17:19:53 +03:00
Author
Owner
Copy Link

@jssta15646461234 commented on GitHub:

same here. same docker image,

@jssta15646461234 commented on GitHub: same here. same docker image,
OVERLORD commented 2025-10-09 17:19:54 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub:

Closing this ticket.
Feel free to continue this discussion on the forum: https://bitwardenrs.discourse.group/

We suggest to use a reverse-proxy for ssl-offloading, because reverse proxy are better in handling SSL.
Also checkout some of the updated/new wiki articles:
https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS (Especially the Check if certificate is valid part)
https://github.com/dani-garcia/bitwarden_rs/wiki/Running-a-private-bitwarden_rs-instance-with-Let%27s-Encrypt-certs
https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome

@BlackDex commented on GitHub: Closing this ticket. Feel free to continue this discussion on the forum: https://bitwardenrs.discourse.group/ We suggest to use a reverse-proxy for ssl-offloading, because reverse proxy are better in handling SSL. Also checkout some of the updated/new wiki articles: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS (Especially the `Check if certificate is valid` part) https://github.com/dani-garcia/bitwarden_rs/wiki/Running-a-private-bitwarden_rs-instance-with-Let%27s-Encrypt-certs https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome
OVERLORD commented 2025-10-09 17:19:54 +03:00
Author
Owner
Copy Link

@BlackDex commented on GitHub:

Well, the error is very clear, the chain is not valid.
Please check if you have the full chain served instead of only the domain cert.
So, it should be fullchain.pem instead of cert.pem for example.

Else most mobile client's will not understand the certificate, as do some browsers.

@BlackDex commented on GitHub: Well, the error is very clear, the chain is not valid. Please check if you have the full chain served instead of only the domain cert. So, it should be `fullchain.pem` instead of `cert.pem` for example. Else most mobile client's will not understand the certificate, as do some browsers.
OVERLORD commented 2025-10-09 17:19:54 +03:00
Author
Owner
Copy Link

@benzBrake commented on GitHub:

same here. same docker image,

Have you using let's encrypt as ssl certificate?
It seems that my problem solved by changing ceriticate to cloudflare's

@benzBrake commented on GitHub: > > > same here. same docker image, Have you using let's encrypt as ssl certificate? It seems that my problem solved by changing ceriticate to cloudflare's
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
bug
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
troubleshooting
wontfix
No Label better for forum
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/vaultwarden#1563
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?