[GH-ISSUE #1] SSL certificate from own CA #3

Closed
opened 2026-03-04 00:59:34 +03:00 by kerem · 2 comments

Originally created by @Fe3lApAcUt on GitHub (Nov 3, 2023).
Original GitHub issue: https://github.com/sirtoobii/vaultwarden_ldap_sync/issues/1

Hey

I receive an error when starting docker with the following message:

```
2023-11-03:16:51:48 ERROR [sync.py] Something went wrong. Error: HTTPSConnectionPool(host='xx.domain.loc', port=443): Max retries exceeded with url: /admin/users (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
```

We have our own internal CA and need to provide the root certificate to the docker I think.
Can this be done in your project?

BR Marcel

kerem closed this issue 2026-03-04 00:59:34 +03:00

@sirtoobii commented on GitHub (Nov 4, 2023):

Hey,

Yes, this should theoretically be possible without changing the code (untested):

  • Bind mount your CA bundle into the docker container
  • Point the `REQUESTS_CA_BUNDLE` env var to your bind-mounted CA bundle inside the container.

@Fe3lApAcUt commented on GitHub (Nov 6, 2023):

Thanks, @sirtoobii! This is working.
Here is what I did:

  1. mkdir data/ssl
  2. copied the root CA certificate (rootca.crt)
  3. added "REQUESTS_CA_BUNDLE=/data/ssl/rootca.crt" to .env
  4. docker compose up -d

log showed:

```
2023-11-06:08:18:29 INFO [sync.py] Starting...
2023-11-06:08:18:29 INFO [sync.py] DRYRUN: True
2023-11-06:08:18:29 INFO [sync.py] LDAP server: xxx.xxx
2023-11-06:08:18:29 INFO [sync.py] Vaultwarden url: https://vw.xxx.xxx
2023-11-06:08:18:29 INFO [sync.py] Invite user xxx@xxx.ch
```

BR Marcel
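
A preflight check for the setup described in this thread, as an added example (not code from vaultwarden_ldap_sync): it confirms that the file named by `REQUESTS_CA_BUNDLE` exists inside the container and parses as PEM CA certificates before the sync runs. The function name `check_ca_bundle` is hypothetical. Once the variable is set, requests trusts only the certificates in that file, so the bundle must contain every root the sync needs.

```python
import os
import ssl
import sys


def check_ca_bundle(env=os.environ):
    """Return (ok, message) for the CA bundle named by REQUESTS_CA_BUNDLE."""
    path = env.get("REQUESTS_CA_BUNDLE")
    if not path:
        return False, "REQUESTS_CA_BUNDLE is not set; requests uses its default bundle"
    if not os.path.isfile(path):
        # Typical cause: the bind mount is missing, or a host path was given
        # instead of the path as seen from inside the container.
        return False, f"{path} does not exist inside this container"
    with open(path, "rb") as fh:
        data = fh.read()
    if b"-----BEGIN CERTIFICATE-----" not in data:
        # A .crt exported in binary DER form has to be converted to PEM first.
        return False, f"{path} contains no PEM certificate (DER-encoded file?)"
    # Empty trust store: only what is in the bundle gets loaded.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"{path} could not be parsed: {exc}"
    subjects = [
        dict(rdn[0] for rdn in cert["subject"]).get("commonName", "?")
        for cert in ctx.get_ca_certs()
    ]
    if not subjects:
        return False, f"{path} loaded, but it holds no CA certificate"
    return True, f"{len(subjects)} CA certificate(s) loaded: {', '.join(subjects)}"


if __name__ == "__main__":
    ok, message = check_ca_bundle()
    print(message)
    sys.exit(0 if ok else 1)
```
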
