starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 17:55:58 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #2016] ROCKET_TLS={certs....could not be parsed #1128

New issue
Closed
opened 2026-03-03 02:06:28 +03:00 by kerem · 4 comments
kerem commented 2026-03-03 02:06:28 +03:00
Owner
Copy link

Originally created by @M4st3rITA on GitHub (Oct 2, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2016

Subject of the issue

since yesterday, it is no longer possible to use externally created SSL certificates; the rest of the server is unaffected; I am using NGINX Proxy Manager

Deployment environment

  • vaultwarden version:
    1.22.2

  • Install method:

  • Clients used:

  • Reverse proxy and version:
    NGINX Proxy Manager v2.9.9

  • MySQL/MariaDB or PostgreSQL version:

  • Other relevant details:

Steps to reproduce

after starting up the docker, as usual, Vaultwarden is not reachable and a 502 bad gateway error is returned; the docker log reads as follows:
[2021-10-02 07:26:17.075][rocket::config::error][ERROR] environment variable ROCKET_TLS={certs="/ssl/npm-8/fullchain.pem",key="/ssl/npm-8/privkey.pem"} could not be parsed

Logger failed to initialize: attempted to set a logger after the logging system was already initialized

Expected behaviour

Actual behaviour

Troubleshooting data

Originally created by @M4st3rITA on GitHub (Oct 2, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2016 <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> since yesterday, it is no longer possible to use externally created SSL certificates; the rest of the server is unaffected; I am using NGINX Proxy Manager ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1.22.2 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> * Reverse proxy and version: <!-- if applicable --> NGINX Proxy Manager v2.9.9 * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * Other relevant details: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> after starting up the docker, as usual, Vaultwarden is not reachable and a 502 bad gateway error is returned; the docker log reads as follows: [2021-10-02 07:26:17.075][rocket::config::error][ERROR] environment variable ROCKET_TLS={certs="/ssl/npm-8/fullchain.pem",key="/ssl/npm-8/privkey.pem"} could not be parsed Logger failed to initialize: attempted to set a logger after the logging system was already initialized ### Expected behaviour <!-- Tell us what you expected to happen --> ### Actual behaviour <!-- Tell us what actually happened --> ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->
kerem closed this issue 2026-03-03 02:06:29 +03:00
kerem commented 2026-03-03 02:06:29 +03:00
Author
Owner
Copy link

@M4st3rITA commented on GitHub (Oct 2, 2021):

Compared to the past few days, nothing has been changed, no settings, no variables.

<!-- gh-comment-id:932701483 --> @M4st3rITA commented on GitHub (Oct 2, 2021): Compared to the past few days, nothing has been changed, no settings, no variables.
kerem commented 2026-03-03 02:06:29 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Oct 2, 2021):

Is this cert a Lets Encrypt cert?
If so, it could have something to do with this: https://letsencrypt.org/2021/10/01/cert-chaining-help.html

<!-- gh-comment-id:932702866 --> @BlackDex commented on GitHub (Oct 2, 2021): Is this cert a Lets Encrypt cert? If so, it could have something to do with this: https://letsencrypt.org/2021/10/01/cert-chaining-help.html
kerem commented 2026-03-03 02:06:29 +03:00
Author
Owner
Copy link

@M4st3rITA commented on GitHub (Oct 2, 2021):

Yes, definitely...I'm using Let's Encrypt certs.
How can I resolve this...?
I already tried to use the HTTP version of Vaultwarden without success because of the security policy of the browser

<!-- gh-comment-id:932708594 --> @M4st3rITA commented on GitHub (Oct 2, 2021): Yes, definitely...I'm using Let's Encrypt certs. How can I resolve this...? I already tried to use the HTTP version of Vaultwarden without success because of the security policy of the browser
kerem commented 2026-03-03 02:06:29 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Oct 2, 2021):

Well if you use a reverse proxy, you could just have the reverse pricy offload the ssl. That might work.

Else i think you are using the Alpine image, you might want to switch to the Debian image.

<!-- gh-comment-id:932716152 --> @BlackDex commented on GitHub (Oct 2, 2021): Well if you use a reverse proxy, you could just have the reverse pricy offload the ssl. That might work. Else i think you are using the Alpine image, you might want to switch to the Debian image.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#1128
No description provided.