[GH-ISSUE #1209] Error when logging in bitwarden using Android client. #853

New issue

Closed

opened 2026-03-03 02:04:02 +03:00 by kerem · 4 comments

kerem commented 2026-03-03 02:04:02 +03:00

Owner

Copy link

Originally created by @benzBrake on GitHub (Oct 30, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1209

Subject of the issue

Cannot loggin to my bitwarden server with Bitwarden Android 2.6.0 with error message Exception Message: Chain validation failed.

Your environment

• Bitwarden_rs version: Docker image id 4f627c5a63f0

• Install method: Docker
• Clients used: Bitwarden Android 2.6.1
• Reverse proxy and version: Caddy 1.0.4
• SSL certificate: Let's Encrypt Elliptic Curve 256 2020-12-08
• Other relevant information: I tried to logging on my iPad, there's no problem.

Steps to reproduce

Using docker-compose, my config is

  bitwarden:
    image: bitwardenrs/server 
    container_name: bitwarden
    restart: always
    volumes:
      - /data/bitwarden:/data/bitwarden
    env_file:
      - /data/bitwarden/config.env

Conent of config.env

SIGNUPS_ALLOWED=false
DOMAIN=http://localhost
DATABASE_URL=/data/bitwarden/database.db
ROCKET_WORKERS=10
WEB_VAULT_ENABLED=true

I'm using caddy 1.0.4 for reserve proxy.
Config of caddy

mydomain {
    tls webmaster@mydomain
    #rewrite / {
    #    if_op or
    #    if {>User-Agent} not_has "Bitwarden"
    #    if {>User-Agent} not_has "Waterfox"
    #    to /404.html
    #}
    proxy /notifications/hub/negotiate bitwarden:80 {
        transparent
    }
    proxy /notifications/hub bitwarden:3012 {
        websocket
    }
    proxy / bitwarden:80 {
        transparent
    }
}

Expected behaviour

Actual behaviour

Relevant logs

Originally created by @benzBrake on GitHub (Oct 30, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1209 <!-- # ### NOTE: Please update to the latest version of bitwarden_rs before reporting an issue! This saves you and us a lot of time and troubleshooting. See: https://github.com/dani-garcia/bitwarden_rs/issues/1180 # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/obfuscate personal and confidential information, such as names, global IP/DNS addresses and especially passwords, if necessary. --> ### Subject of the issue Cannot loggin to my bitwarden server with Bitwarden Android 2.6.0 with error message `Exception Message: Chain validation failed`. ### Your environment <!-- The version number, obtained from the logs or the admin diagnostics page --> <!-- Remember to check your issue on the latest version first! --> * Bitwarden_rs version: Docker image id 4f627c5a63f0 <!-- How the server was installed: Docker image / package / built from source --> * Install method: Docker * Clients used: Bitwarden Android 2.6.1 * Reverse proxy and version: Caddy 1.0.4 * SSL certificate: Let's Encrypt Elliptic Curve 256 2020-12-08 * Other relevant information: I tried to logging on my iPad, there's no problem. ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start bitwarden_rs? --> Using docker-compose, my config is ``` bitwarden: image: bitwardenrs/server container_name: bitwarden restart: always volumes: - /data/bitwarden:/data/bitwarden env_file: - /data/bitwarden/config.env ``` Conent of config.env ``` SIGNUPS_ALLOWED=false DOMAIN=http://localhost DATABASE_URL=/data/bitwarden/database.db ROCKET_WORKERS=10 WEB_VAULT_ENABLED=true ``` I'm using caddy 1.0.4 for reserve proxy. Config of caddy ``` mydomain { tls webmaster@mydomain #rewrite / { # if_op or # if {>User-Agent} not_has "Bitwarden" # if {>User-Agent} not_has "Waterfox" # to /404.html #} proxy /notifications/hub/negotiate bitwarden:80 { transparent } proxy /notifications/hub bitwarden:3012 { websocket } proxy / bitwarden:80 { transparent } } ``` ### Expected behaviour <!-- Tell us what should happen --> ### Actual behaviour <!-- Tell us what happens instead --> ### Relevant logs <!-- Share some logfiles, screenshots or output of relevant programs with us. -->

kerem 2026-03-03 02:04:02 +03:00

• closed this issue
• added the
  better for forum
  label

kerem commented 2026-03-03 02:04:03 +03:00

Author

Owner

Copy link

@jssta15646461234 commented on GitHub (Nov 3, 2020):

same here. same docker image,

<!-- gh-comment-id:720858351 --> @jssta15646461234 commented on GitHub (Nov 3, 2020): same here. same docker image,

kerem commented 2026-03-03 02:04:03 +03:00

Author

Owner

Copy link

@benzBrake commented on GitHub (Nov 8, 2020):

same here. same docker image,

Have you using let's encrypt as ssl certificate?
It seems that my problem solved by changing ceriticate to cloudflare's

<!-- gh-comment-id:723522478 --> @benzBrake commented on GitHub (Nov 8, 2020): > > > same here. same docker image, Have you using let's encrypt as ssl certificate? It seems that my problem solved by changing ceriticate to cloudflare's

kerem commented 2026-03-03 02:04:03 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Nov 16, 2020):

Well, the error is very clear, the chain is not valid.
Please check if you have the full chain served instead of only the domain cert.
So, it should be fullchain.pem instead of cert.pem for example.

Else most mobile client's will not understand the certificate, as do some browsers.

<!-- gh-comment-id:728213794 --> @BlackDex commented on GitHub (Nov 16, 2020): Well, the error is very clear, the chain is not valid. Please check if you have the full chain served instead of only the domain cert. So, it should be `fullchain.pem` instead of `cert.pem` for example. Else most mobile client's will not understand the certificate, as do some browsers.

kerem commented 2026-03-03 02:04:04 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Nov 18, 2020):

Closing this ticket.
Feel free to continue this discussion on the forum: https://bitwardenrs.discourse.group/

We suggest to use a reverse-proxy for ssl-offloading, because reverse proxy are better in handling SSL.
Also checkout some of the updated/new wiki articles:
https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS (Especially the Check if certificate is valid part)
https://github.com/dani-garcia/bitwarden_rs/wiki/Running-a-private-bitwarden_rs-instance-with-Let%27s-Encrypt-certs
https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome

<!-- gh-comment-id:729779731 --> @BlackDex commented on GitHub (Nov 18, 2020): Closing this ticket. Feel free to continue this discussion on the forum: https://bitwardenrs.discourse.group/ We suggest to use a reverse-proxy for ssl-offloading, because reverse proxy are better in handling SSL. Also checkout some of the updated/new wiki articles: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS (Especially the `Check if certificate is valid` part) https://github.com/dani-garcia/bitwarden_rs/wiki/Running-a-private-bitwarden_rs-instance-with-Let%27s-Encrypt-certs https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#853

No description provided.