[GH-ISSUE #1077] Apple SMTP certificate validation error #761

New issue

Closed

opened 2026-03-03 02:02:56 +03:00 by kerem · 8 comments

kerem commented 2026-03-03 02:02:56 +03:00

Owner

Copy link

Originally created by @sherzinger on GitHub (Aug 1, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1077

Subject of the issue

Apple SMTP server cannot be used because of certificate validation error.

Your environment

• Bitwarden_rs version: 1.15.1-1e950c7d
• Install method: docker

Steps to reproduce

Used the settings as described here (with and without TLS) https://support.apple.com/en-us/HT202304
Not much room for error.

Relevant logs

Originally created by @sherzinger on GitHub (Aug 1, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1077 ### Subject of the issue Apple SMTP server cannot be used because of certificate validation error. ### Your environment * Bitwarden_rs version: 1.15.1-1e950c7d * Install method: docker ### Steps to reproduce Used the settings as described here (with and without TLS) https://support.apple.com/en-us/HT202304 Not much room for error. ### Relevant logs <img width="897" alt="Screenshot 2020-08-01 at 16 14 14" src="https://user-images.githubusercontent.com/11333940/89103472-71aec380-d412-11ea-85a4-9a5c1aef73e3.png">

kerem 2026-03-03 02:02:56 +03:00

• closed this issue
• added the
  better for forum
  label

kerem commented 2026-03-03 02:02:57 +03:00

Author

Owner

Copy link

@sherzinger commented on GitHub (Aug 2, 2020):

Possible duplicate of #1037

<!-- gh-comment-id:667700223 --> @sherzinger commented on GitHub (Aug 2, 2020): Possible duplicate of #1037

kerem commented 2026-03-03 02:02:57 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Aug 16, 2020):

As stated in #1045 already. You can try these options.

You can try to add the CA cert your self by using the startup script @jjlin created: https://github.com/dani-garcia/bitwarden_rs/wiki/Starting-a-Container#customizing-container-startup

Or you can make sure the docker host has the CA installed correctly and do a read-only mount the /etc/ssl/certs folder within docker by using -v /etc/ssl/certs:/etc/ssl/certs:ro this should include all the ca certs your host allows within the docker container.

And you probably need to mount the following also as a read only:
-v /usr/share/ca-certificates/mozilla:/usr/share/ca-certificates/mozilla:ro

<!-- gh-comment-id:674533197 --> @BlackDex commented on GitHub (Aug 16, 2020): As stated in #1045 already. You can try these options. You can try to add the CA cert your self by using the startup script @jjlin created: https://github.com/dani-garcia/bitwarden_rs/wiki/Starting-a-Container#customizing-container-startup Or you can make sure the docker host has the CA installed correctly and do a read-only mount the `/etc/ssl/certs` folder within docker by using `-v /etc/ssl/certs:/etc/ssl/certs:ro` this should include all the ca certs your host allows within the docker container. And you probably need to mount the following also as a read only: `-v /usr/share/ca-certificates/mozilla:/usr/share/ca-certificates/mozilla:ro`

kerem commented 2026-03-03 02:02:57 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Nov 18, 2020):

@sherzinger Did you got this working? Or do you still have issues?

<!-- gh-comment-id:729630024 --> @BlackDex commented on GitHub (Nov 18, 2020): @sherzinger Did you got this working? Or do you still have issues?

kerem commented 2026-03-03 02:02:57 +03:00

Author

Owner

Copy link

@gaby commented on GitHub (Mar 5, 2022):

@BlackDex I'm also running into this issue. Adding a script with 'update-ca-certificates" still prompts the same error. Vaultwarden really needs an easy way to just provide a Custom CA. Custom CA's are super common in airgap/enterprise environments.

<!-- gh-comment-id:1059851221 --> @gaby commented on GitHub (Mar 5, 2022): @BlackDex I'm also running into this issue. Adding a script with 'update-ca-certificates" still prompts the same error. Vaultwarden really needs an easy way to just provide a Custom CA. Custom CA's are super common in airgap/enterprise environments.

kerem commented 2026-03-03 02:02:58 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Mar 6, 2022):

@gaby did you mounted the volumes from the host or added the CA via a script?
If using the Ubuntu (and i think even Alpine) image you could try to add the CA's to /usr/share/ca-certificates and run update-ca-certificates that should do the trick.

<!-- gh-comment-id:1059856006 --> @BlackDex commented on GitHub (Mar 6, 2022): @gaby did you mounted the volumes from the host or added the CA via a script? If using the Ubuntu (and i think even Alpine) image you could try to add the CA's to `/usr/share/ca-certificates` and run `update-ca-certificates` that should do the trick.

kerem commented 2026-03-03 02:02:58 +03:00

Author

Owner

Copy link

@gaby commented on GitHub (Mar 6, 2022):

I'd give that a try. thanks

<!-- gh-comment-id:1060040368 --> @gaby commented on GitHub (Mar 6, 2022): I'd give that a try. thanks

kerem commented 2026-03-03 02:02:58 +03:00

Author

Owner

Copy link

@gaby commented on GitHub (Mar 8, 2022):

Got it working:

For future person with the same error:

init.sh

#!/bin/sh
set -e -x

update-ca-certificates

Mount init.sh to /etc/vaultwarden.sh

Copy your CA to a folder and then mount it to:

/path/to/your/ca/:/usr/share/ca-certificates/extras

<!-- gh-comment-id:1061283263 --> @gaby commented on GitHub (Mar 8, 2022): Got it working: For future person with the same error: init.sh ``` #!/bin/sh set -e -x update-ca-certificates ``` Mount `init.sh` to /etc/vaultwarden.sh Copy your CA to a folder and then mount it to: `/path/to/your/ca/:/usr/share/ca-certificates/extras`

kerem commented 2026-03-03 02:02:58 +03:00

Author

Owner

Copy link

@ch4r13 commented on GitHub (Jan 18, 2024):

Got it working:

For future person with the same error:

init.sh

#!/bin/sh
set -e -x

update-ca-certificates

Mount init.sh to /etc/vaultwarden.sh

Copy your CA to a folder and then mount it to:

/path/to/your/ca/:/usr/share/ca-certificates/extras

It's not working for me. I've got everything I suppose as you.

Updating certificates in /etc/ssl/certs...

/usr/sbin/update-ca-certificates: 101: cannot create /etc/ssl/certs/ca-certificates.crt.new: Permission denied

<!-- gh-comment-id:1897982789 --> @ch4r13 commented on GitHub (Jan 18, 2024): > Got it working: > > For future person with the same error: > > init.sh > > ``` > #!/bin/sh > set -e -x > > update-ca-certificates > ``` > > Mount `init.sh` to /etc/vaultwarden.sh > > Copy your CA to a folder and then mount it to: > > `/path/to/your/ca/:/usr/share/ca-certificates/extras` It's not working for me. I've got everything I suppose as you. ``` Updating certificates in /etc/ssl/certs... /usr/sbin/update-ca-certificates: 101: cannot create /etc/ssl/certs/ca-certificates.crt.new: Permission denied ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#761

No description provided.