[GH-ISSUE #612] Portainer report Bitwarden-MySQL unhealthy when SSL is enabled. #409

New issue

Closed

opened 2026-03-03 01:28:51 +03:00 by kerem · 3 comments

kerem commented

2026-03-03 01:28:51 +03:00

Owner

Originally created by @BobWs on GitHub (Sep 8, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/612

Hi,

I’m getting an unhealthy report from portainer when ROCKET_TLS is enabled.

healthcheck.sh: 3: [: missing ] % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

Webvault works fine when browsing though Any browser. No problems with ssl warnings or whatsoever. Any idea why portainer is giving the warning? The certificate is Let’s Encript certificate.

I’m using a reverse proxy in front of the bitwarden server so I guess I could disable the ROCKET_TLS, right?

Originally created by @BobWs on GitHub (Sep 8, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/612 Hi, I’m getting an unhealthy report from portainer when ROCKET_TLS is enabled. `healthcheck.sh: 3: [: missing ] % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.` Webvault works fine when browsing though Any browser. No problems with ssl warnings or whatsoever. Any idea why portainer is giving the warning? The certificate is Let’s Encript certificate. I’m using a reverse proxy in front of the bitwarden server so I guess I could disable the ROCKET_TLS, right?

kerem closed this issue

2026-03-03 01:28:51 +03:00

kerem commented

2026-03-03 01:28:52 +03:00

Author

Owner

@dani-garcia commented on GitHub (Sep 8, 2019):

Hmm, well the healthcheck is accessing localhost and the response contains a certificate for a separate domain so curl is giving an error, we might need to ignore certificate errors in that curl call.

@dani-garcia commented on GitHub (Sep 8, 2019): Hmm, well the healthcheck is accessing localhost and the response contains a certificate for a separate domain so curl is giving an error, we might need to ignore certificate errors in that curl call.

kerem commented

2026-03-03 01:28:52 +03:00

Author

Owner

@dani-garcia commented on GitHub (Sep 11, 2019):

I've changed it as mentioned so curl will ignore certificate errors in the latest commit, so we can close this.

About your latest comment that I just saw, if you are using a reverse proxy in the same local network, terminating SSL in the proxy and not using ROCKET_TLS is probably the best option.

@dani-garcia commented on GitHub (Sep 11, 2019): I've changed it as mentioned so curl will ignore certificate errors in the [latest commit](https://github.com/dani-garcia/bitwarden_rs/commit/f9408a00c6dbbf28ac9b29b0e7ee8f04bc76925c), so we can close this. About your latest comment that I just saw, if you are using a reverse proxy in the same local network, terminating SSL in the proxy and not using ROCKET_TLS is probably the best option.

kerem commented

2026-03-03 01:28:52 +03:00

Author

Owner

@BobWs commented on GitHub (Sep 12, 2019):

I've changed it as mentioned so curl will ignore certificate errors in the latest commit, so we can close this.

About your latest comment that I just saw, if you are using a reverse proxy in the same local network, terminating SSL in the proxy and not using ROCKET_TLS is probably the best option.

Thanks!

@BobWs commented on GitHub (Sep 12, 2019): > I've changed it as mentioned so curl will ignore certificate errors in the [latest commit](https://github.com/dani-garcia/bitwarden_rs/commit/f9408a00c6dbbf28ac9b29b0e7ee8f04bc76925c), so we can close this. > > About your latest comment that I just saw, if you are using a reverse proxy in the same local network, terminating SSL in the proxy and not using ROCKET_TLS is probably the best option. Thanks!