ROCKET_TLS Error #621

Closed
opened 2026-02-04 21:52:33 +03:00 by OVERLORD · 10 comments
Owner

Originally created by @mobizent on GitHub (Feb 24, 2020).

Subject of the issue

Container stops on error with Custom Wildcard SSL

Your environment

  • Bitwarden_rs version: bitwardenrs/server:alpine

  • Install method: Docker Image

  • Other relevant information:

Ran the container with

`docker run -d --name bitwarden -e ROCKET_TLS='{certs="/opt/bitwarden/keys/cert.pem",key="/opt/bitwarden/keys/key.pem"}' -v /opt/bitwarden/keys/:/ssl/ -v /opt/bitwarden/:/data/ -p 7443:8088 bitwardenrs/server:alpine`

the container errors out with this error message

PS: I'm running on 7443 as I have another container running on 443

```
Starting Bitwarden_RS                        |
|                      Version 1.13.1-8a5450e8                       |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the   |
| official channels to report bugs/features, regardless of client.   |
| Report URL: https://github.com/dani-garcia/bitwarden_rs/issues/new |
\--------------------------------------------------------------------/
[2020-02-23 23:40:24][rocket::config::error][ERROR] I/O error while setting tls.certs:
Logger failed to initialize: attempted to set a logger after the logging system was already initialized
```

But if I run this

`docker run -d --name bitwarden -v /opt/bitwarden/:/data/ -v /opt/bitwarden/keys/:/ssl/ -it ubuntu bash`

the SSL files are in the container

[Screenshot of SSL folder](https://i.imgur.com/L56LFwn.png)

I tried removing the "" but still same result.

The SSL certs are in the local directory


@MeiRos commented on GitHub (Feb 24, 2020):

I think you should change cert.pem to fullchain.pem. There's an explanation in the wiki.


@mobizent commented on GitHub (Feb 24, 2020):

> I think you should change cert.pem to fullchain.pem. There's an explanation in the wiki.

I did that too... still the same issue

But if I run it on port 8088 without SSL it works just fine

`sudo docker run -d --name bitwarden -v /opt/bitwarden/:/data/ -p 8088:80 bitwardenrs/server:alpine`


@jjlin commented on GitHub (Feb 24, 2020):

The paths in `ROCKET_TLS` need to be from the perspective of the container, i.e. `/ssl/<pem-file>`, not `/opt/bitwarden/keys/<pem-file>`.


@mobizent commented on GitHub (Feb 24, 2020):

> The paths in `ROCKET_TLS` need to be from the perspective of the container, i.e. `/ssl/<pem-file>`, not `/opt/bitwarden/keys/<pem-file>`.

Thanks..

The /ssl is on the host OR within the container?

How do I map the wildcard CA certs to the container then? Can I do -v /opt/bitwarden/keys to /ssl mount point?


@mobizent commented on GitHub (Feb 24, 2020):

> The paths in `ROCKET_TLS` need to be from the perspective of the container, i.e. `/ssl/<pem-file>`, not `/opt/bitwarden/keys/<pem-file>`.

But when I use the earlier option, the SSL cert & key file gets copied into the container ssl folder


@mobizent commented on GitHub (Feb 24, 2020):

> The paths in `ROCKET_TLS` need to be from the perspective of the container, i.e. `/ssl/<pem-file>`, not `/opt/bitwarden/keys/<pem-file>`.

I tried this

`docker run -d --name bitwarden -e ROCKET_TLS='{certs="/ssl/fullchain.pem",key="/ssl/key.pem"}' -v /opt/bitwarden/keys/:/ssl/ -v /opt/bitwarden/:/data/ -p 7443:8088 bitwardenrs/server:alpine`

& now get this in the log

`[2020-02-24 03:49:21][start][INFO] Rocket has launched from https://0.0.0.0:80`

& I'm not able to access the web interface


@jjlin commented on GitHub (Feb 24, 2020):

You should probably read https://docs.docker.com/storage/bind-mounts/. Your current command should work, but you haven't explained what exactly "doesn't work" (e.g., error messages), and there are other aspects of your config that haven't been provided that could also have problems.


@mobizent commented on GitHub (Feb 24, 2020):

> You should probably read https://docs.docker.com/storage/bind-mounts/. Your current command should work, but you haven't explained what exactly "doesn't work" (e.g., error messages), and there are other aspects of your config that haven't been provided that could also have problems.

Sorry, I've edited my reply earlier with what I see in the log

Do I need to change ownership of the cert & key file to other than root?


@jjlin commented on GitHub (Feb 24, 2020):

root ownership is fine. Your log messages now suggest that it started up fine. However, it's listening on port 80 (not 8088) in the container. You would need to pass `-p 7443:80`.


@mobizent commented on GitHub (Feb 24, 2020):

> root ownership is fine. Your log messages now suggest that it started up fine. However, it's listening on port 80 (not 8088) in the container. You would need to pass `-p 7443:80`.

Thanks. It works now..
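
The two mistakes resolved in this thread (TLS paths written from the host's perspective, and `-p` forwarding to a port the server is not listening on) can be caught before the container is started. The shell preflight below is an added example, not part of the original thread or of the project; the function names are hypothetical, the listen port 80 is taken from the log line quoted above, and a temporary directory stands in for `/opt/bitwarden/keys`.

```sh
# Preflight for the docker run commands in this thread (added example).
# MOUNT arguments are "host:container", exactly as passed to -v.

# Print the host path backing container path $1; fail if no mount covers it.
container_to_host() {
  cpath="$1"; shift
  for m in "$@"; do
    host=${m%%:*}; ctr=${m#*:}; ctr=${ctr%%:*}   # drop a trailing ":ro"
    host=${host%/}; ctr=${ctr%/}
    case $cpath in
      "$ctr"/*) printf '%s/%s\n' "$host" "${cpath#"$ctr"/}"; return 0 ;;
    esac
  done
  return 1
}

# Print the paths named in a ROCKET_TLS value, one per line (quotes optional).
tls_paths() {
  printf '%s\n' "$1" | tr -d '{}" ' | tr ',' '\n' | cut -d= -f2
}

# check_run ROCKET_TLS PUBLISH LISTEN_PORT MOUNT...
# Prints one line per problem and returns the number of problems found.
check_run() {
  tls="$1"; publish="$2"; listen="$3"; shift 3; bad=0
  while IFS= read -r p; do
    if ! hp=$(container_to_host "$p" "$@"); then
      echo "unmapped: $p is not under any container mount point"; bad=$((bad + 1))
    elif [ ! -r "$hp" ]; then
      echo "unreadable: $p maps to $hp, which is not readable"; bad=$((bad + 1))
    fi
  done <<EOF
$(tls_paths "$tls")
EOF
  if [ "${publish##*:}" != "$listen" ]; then
    echo "port: -p $publish forwards to ${publish##*:}, server listens on $listen"
    bad=$((bad + 1))
  fi
  return "$bad"
}

# Constructed stand-in for /opt/bitwarden/keys so the demo runs anywhere.
keys=$(mktemp -d); touch "$keys/fullchain.pem" "$keys/key.pem"
check_run '{certs="/opt/bitwarden/keys/cert.pem",key="/opt/bitwarden/keys/key.pem"}' \
  7443:8088 80 "$keys:/ssl/" || echo "first command: $? problem(s)"
check_run '{certs="/ssl/fullchain.pem",key="/ssl/key.pem"}' \
  7443:80 80 "$keys:/ssl/" && echo "final command: ok"
```

Nested mount points are not resolved: the first `-v` entry whose container side is a prefix of the path wins.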

Reference: starred/vaultwarden#621