1.33.2 cant read tls file properperly on docker #2234

New Issue

OVERLORD · 2026-02-05T03:41:24+03:00

OVERLORD commented

2026-02-05 03:41:24 +03:00

Originally created by @stjacob on GitHub (Apr 8, 2025).

Vaultwarden Support String

docker config:

start log:

So it missed the root slash. But the same config works well in old version like 1.32.7.

Vaultwarden Build Version

1.33.2

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

yes

Host/Server Operating System

Linux

Operating System Version

No response

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Go to '...'
Click on '....'
Scroll down to '....'
Click on '...'
Etc '...'

Expected Result

tls config works well

Actual Result

can not find the tls file due to config read error

Logs

Screenshots or Videos

No response

Additional Context

No response

Originally created by @stjacob on GitHub (Apr 8, 2025). ### Vaultwarden Support String docker config: ![Image](https://github.com/user-attachments/assets/794032d0-0548-45c0-9618-e9d38acac690) start log: ![Image](https://github.com/user-attachments/assets/6aa0e0fc-39c9-4753-8e43-41ed363ad21d) So it missed the root slash. But the same config works well in old version like 1.32.7. ### Vaultwarden Build Version 1.33.2 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy yes ### Host/Server Operating System Linux ### Operating System Version _No response_ ### Clients Web Vault ### Client Version _No response_ ### Steps To Reproduce 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' 4. Click on '...' 5. Etc '...' ### Expected Result tls config works well ### Actual Result can not find the tls file due to config read error ### Logs ```text ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_

OVERLORD added the bug label 2026-02-05 03:41:24 +03:00

OVERLORD closed this issue

2026-02-05 03:41:25 +03:00

OVERLORD commented

2026-02-05 03:41:28 +03:00

@BlackDex commented on GitHub (Apr 8, 2025):

Did you missed the root slash? Like in you didn't added it? Or entered with the root slash, but it shows it without?

And what is your docker config? Are you sure the file is loaded?
Since technically, Vaultwarden it self is in root and without the slash should be ok in those cases.

@BlackDex commented on GitHub (Apr 8, 2025): Did you missed the root slash? Like in you didn't added it? Or entered with the root slash, but it shows it without? And what is your docker config? Are you sure the file is loaded? Since technically, Vaultwarden it self is in root and without the slash should be ok in those cases.

OVERLORD commented

2026-02-05 03:41:34 +03:00

@stjacob commented on GitHub (Apr 8, 2025):

the docker config has the root slash:
{certs="/ssl/SSLcertificate.crt",key="/ssl/SSLprivatekey.key"}

And most importly, the same config works well on version 1.32.7

@stjacob commented on GitHub (Apr 8, 2025): the docker config has the root slash: {certs="/ssl/SSLcertificate.crt",key="/ssl/SSLprivatekey.key"} And most importly, the same config works well on version 1.32.7

OVERLORD commented

2026-02-05 03:41:37 +03:00

@BlackDex commented on GitHub (Apr 8, 2025):

Could you provide your docker config? Since that error states the file doesn't exits.
Having the docker config helps me try to mimic the same environment.
Also, ensure the files are still there, and have the correct rights, like they have read access for the container user for example.

@BlackDex commented on GitHub (Apr 8, 2025): Could you provide your docker config? Since that error states the file doesn't exits. Having the docker config helps me try to mimic the same environment. Also, ensure the files are still there, and have the correct rights, like they have read access for the container user for example.

OVERLORD commented

2026-02-05 03:41:41 +03:00

@stjacob commented on GitHub (Apr 8, 2025):

version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden_app
    restart: unless-stopped
    ports:
      - "5979:80"
    network_mode: bridge
    volumes:
      - /Container/bitwarden/:/data:rw
      - /Container/bitwarden/ssl/:/ssl
    environment:
      ROCKET_TLS:'{certs="/ssl/SSLcertificate.crt",key="/ssl/SSLprivatekey.key"}'
      SIGNUPS_ALLOWED: false
      WEBSOCKET_ENABLED: true
      WEB_VAULT_ENABLED: true
    command: /start.sh

error msg：
[NOTICE] You are using a plain text ADMIN_TOKEN which is insecure.
Please generate a secure Argon2 PHC string by using vaultwarden hash or argon2.
See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token

Error: Rocket.
[CAUSE] Io(
Custom {
kind: NotFound,
error: "error reading TLS file ssl/SSLcertificate.crt: No such file or directory (os error 2)",
},
)

@stjacob commented on GitHub (Apr 8, 2025): ``` version: '3' services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden_app restart: unless-stopped ports: - "5979:80" network_mode: bridge volumes: - /Container/bitwarden/:/data:rw - /Container/bitwarden/ssl/:/ssl environment: ROCKET_TLS:'{certs="/ssl/SSLcertificate.crt",key="/ssl/SSLprivatekey.key"}' SIGNUPS_ALLOWED: false WEBSOCKET_ENABLED: true WEB_VAULT_ENABLED: true command: /start.sh ``` error msg： [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure. Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token Error: Rocket. [CAUSE] Io( Custom { kind: NotFound, error: "error reading TLS file `ssl/SSLcertificate.crt`: No such file or directory (os error 2)", }, )

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#2234