This is a pinned issue to explain what could happen with some configurations of bitwarden_rs and using any client, android in particular for most users. And could respond with a message like "There is a problem connecting to the server"
These issues started to appear with a new release of the mobile bitwarden client for android since version _v2.2.6_. The previous version _v2.2.2_ did not have any issues with connecting to bitwarden_rs at all.
After some debugging we figured it had to do with the type of secure connection v2.2.6 is trying to use in combination with the SSL/Encryption library used by bitwarden_rs to provide HTTP(S) connectivity. Since we can not control which type of encryption to allow or force a specific order we can not fix this for now until the library is updated.
We get a lot of issues or comments about connection issues which are most of the time configuration issues. Here is a list of items to check before reporting any issue regarding connectivity issues.
Most clients will not work properly when there is no SSL configured, so please make sure everything checks out and reports to be valid. Try different clients on different platforms if possible and check the web-vault before reporting any issue regarding connectivity.
Also check the bitwarden.log to see if there are any obvious error message there.
If all of the above is checked, and the known connection issue below does not apply, then report an issue with the the steps you have done, which clients you have used and which work and which do not. Also try to provide some log messages if available so that we can help you as good as we can to resolve the issues you have.
When you have the following conditions you are probably experiencing this issue.
ROCKET_TLS.If you could check all of the above and are sure the certificate is valid and includes the full chain of certificates, and get an error message when using a (mobile) client, this is a valid issue which we can not fix at the moment.
There however is a workaround to solve this, but this means you have to start using a Reverse Proxy to do the SSL offloading. So, configure bitwarden_rs to not use SSL and let a reverse proxy handle this. Please follow the Wiki Article to configure a reverse proxy and your connectivity issues should be resolved. If this is not the case, and have checked all items in this post, please report an issue!
Im able to connect on all devices other than Android. I get the "trust anchor for certification path not found" error message. Is this an issue that will be able to be resolved or is the library that needs updating out of your control?
@eatyourpeas747 that looks more like a self signed certificate, or not providing the full chain of certs. Please check the certificate by using some online tools as stated here: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS#check-if-certificate-is-valid
@eatyourpeas747 that looks more like a self signed certificate, or not providing the full chain of certs. Please check the certificate by using some online tools as stated here: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS#check-if-certificate-is-valid
I get this when doing the cert check "Chain Certificate Status: No Intermediate/Chain certificate were found." Its just odd that every other client including iOS connect fine.
And my certificate isnt a self signed one. It's a wildcard one that was bought. Sectigo RSA Domain Validation Secure Server CA
Some certificates are just not know by some devices/platforms and need the intermediate certs also which are probably signed by a know authority. I suggest to add the intermediate certs at the top of the current cert file you use, this should solve the issue.
I used bitwarden and LetsEncrypt and had this issue on Android only. To fix it I changed the following in bwdata/nginx/default.conf:
ssl_certificate /etc/ssl/warden.caerphilly.observer/certificate.crt;
To:
ssl_certificate /etc/ssl/warden.caerphilly.observer/ca.crt;
So that instead of just serving up the websites cert, it also serves the intermediary cert.
I finally solved my problem by installing the .pem certificate on my smartphone.
This is still not working for me. I downgraded to the previous version and I can login but I can't sync vault and add new logins using the app after upgrading to the newer version
@budimanjojo, then please as the stated above, create a new issue and explain what you already have checked and sure of would not be the issue.
But if you have tried adding a reverse proxy like nginx or haproxy, it should be fixed. Else there are other issues unrelated to this at all.
@BlackDex actually I already fixed it. I verify my email using the vault in browser (clicking the verify email button) and it magically fixed.
So -- I want to use a setup like:
(vpn)->local-network->static-ip-server->bitwarden_rs
(vpn optional)
this network will not always be connected to the internet, so I don't think i can use automatic LE stuff. I'm' mainly interested only in accessing these passwords on a particular LAN.
this seems to work over http, but over https I get an error:
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
my question: Is there no way to use the app without exposing the http endpoint if I'm using the self-signed cert (I'm using a caddy reverse-proxy)?
Same issue as @pherralis, but with an nginx reverse-proxy. Traffic to my domain goes through a router that acts as a NAT over a WireGuard VPN (forwarding port 80). This works fine with the web client and the Firefox extension, but not with the Bitwarden Android app.
If you're using a self-signed cert, you would need to install the cert on your mobile device.
I'm actually using LetsEncrypt (yes, with the chain of trust installed). Traffic goes through my VPS, which then forwards traffic over WireGuard for port 443, and that's set up with an nginx reverse-proxy and certbot.
If you're using Let's Encrypt, you shouldn't need to install any additional certs, so the fact that you mentioned doing that might be a red flag. Anyway, it's unlikely anyone can help without more details about your setup. As this likely isn't an actual bitwarden_rs issue, I'd suggest you take this to the forums (https://bitwardenrs.discourse.group/).
Same here....
I downgraded, installed certificate on phone, and Android app not to connect to personal hosting server (all other devices NP), but Android still refuses connection.
UPDATE (found solution)
As mentioned in this post (https://github.com/bitwarden/mobile/issues/334#issuecomment-435899553), combine "cert" and "chain" into single file. That is:
'# cat cert chain >> certificate.crt
For any other new issue after all of the above has been tried, please start a new issue, or even better, go to the forum: https://bitwardenrs.discourse.group/