Bitwarden Android App not working with HTTPS #93

New Issue

AtHeartEngineer · 2025-07-08T08:39:44-04:00

AtHeartEngineer commented

2025-07-08 08:39:44 -04:00

Originally created by @lisgeorgbruckner on 5/5/2025

Vaultwarden Support String

Vaultwarden Admin
Settings
Users
Organizations
Diagnostics
Vault
Diagnostics
Versions
Server Installed Ok
1.33.2
Server Latest
1.33.2
Web Installed
2025.1.1
Database
SQLite: 3.48.0
Checks
OS/Arch
linux / x86_64
Running within a container
Yes (Base: Debian)
Environment settings overridden
No
Uses a reverse proxy
Yes
IP header Match
Config/Server: X-Real-IP
Internet access Ok
Yes
Internet access via a proxy
No
Websocket enabled
No
DNS (github.com) Ok
140.82.121.4
Date & Time (Local)
Server: 2025-05-05 22:17:55 +00:00
Date & Time (UTC) Server/Browser Ok Server NTP Ok Browser NTP Ok
NTP: 2025-05-05 22:17:55 UTC
Server: 2025-05-05 22:17:55 UTC
Browser: 2025-05-05 22:17:55 UTC
Domain configuration Match HTTPS
Server: https://password.bsolutions.at/admin/diagnostics
Browser: https://password.bsolutions.at/admin/diagnostics
HTTP Response validation Ok
Support
If you need support please check the following links first before you create a new issue: Vaultwarden Forum | Github Discussions
You can use the button below to pre-generate a string which you can copy/paste on either the Forum or when Creating a new issue at Github.
We try to hide the most sensitive values from the generated support string by default, but please verify if there is nothing in there which you want to hide!

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.33.2
Web-vault version: v2025.1.1
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: SQLite
Database version: 3.48.0
Environment settings overridden!: false
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Websocket Check: disabled
HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**********************",
  "domain_origin": "*****://**********************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": false,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*********************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "******************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "105932",
  "yubico_secret_key": "***",
  "yubico_server": null
}

Vaultwarden Build Version

1.33.2

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

nginx version: nginx/1.18.0 (Ubuntu)

Host/Server Operating System

Linux

Operating System Version

Ubuntu 20.04.6 LTS

Clients

Android

Client Version

2025.4.0

Steps To Reproduce

Start the Android APP
Login with self hostet server
Add my server with https://servername.domain.tld
Fill in the Mail Adress
Continue
Fill in the Passwort
Login with Master Passwort

Expected Result

Login to the Vaultwarden tresor

Actual Result

The App shows this Error
An error occurred.
We couldn't verify the server's certificate. The certificate chain or proxy settings on your device or Bitwarden server may not be set up correctly.

Logs

on the nginx no access or error logs are shown from the android phone

Screenshots or Videos

No response

Additional Context

The iphone app works without any Problems.
10.0.1.239 - - [06/May/2025:00:24:51 +0200] "GET /api/sync HTTP/1.1" 401 440 "-" "Bitwarden_Mobile/2025.3.0 (iOS 18.4.1; Model iPhone)" 10.0.1.239 - - [06/May/2025:00:24:51 +0200] "POST /identity/connect/token HTTP/1.1" 200 1065 "-" "Bitwarden_Mobile/2025.3.0 (iOS 18.4.1; Model iPhone)" 10.0.1.239 - - [06/May/2025:00:24:51 +0200] "GET /api/sync HTTP/1.1" 200 2831469 "-" "Bitwarden_Mobile/2025.3.0 (iOS 18.4.1; Model iPhone)"
Also the Webversion is working well.

I also can access to the webversion from the chrome browser on the android phone. So DNS, IP works.

HTTP also works from the android phone

here my nginx config
`server {
server_name server.tld.at;
listen 80;
listen [::]:80;

return 301 https://$host$request_uri;

}

server { # passwork Webservice
listen 443 ssl;
server_name server.tld.at;
access_log /var/log/nginx/xxx-ssl.access.log;
error_log /var/log/nginx/xxx-ssl.error.log;

client_max_body_size 525M;

ssl_certificate          /opt/nginx/xxx.at.crt;
ssl_certificate_key       /opt/nginx/xxx.at.key;


    location / {

                    proxy_pass http://10.0.1.101:38080/;
                    proxy_http_version 1.1;
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
    }

}

`

*Originally created by @lisgeorgbruckner on 5/5/2025* ### Vaultwarden Support String V[aultwarden Admin](https://password.bsolutions.at/admin) [Settings](https://password.bsolutions.at/admin) [Users](https://password.bsolutions.at/admin/users/overview) [Organizations](https://password.bsolutions.at/admin/organizations/overview) [Diagnostics](https://password.bsolutions.at/admin/diagnostics) [Vault](https://password.bsolutions.at/) Diagnostics Versions Server Installed Ok 1.33.2 Server Latest 1.33.2 Web Installed 2025.1.1 Database SQLite: 3.48.0 Checks OS/Arch linux / x86_64 Running within a container Yes (Base: Debian) Environment settings overridden No Uses a reverse proxy Yes IP header Match Config/Server: X-Real-IP Internet access Ok Yes Internet access via a proxy No Websocket enabled No DNS (github.com) Ok 140.82.121.4 Date & Time (Local) Server: 2025-05-05 22:17:55 +00:00 Date & Time (UTC) Server/Browser Ok Server NTP Ok Browser NTP Ok NTP: 2025-05-05 22:17:55 UTC Server: 2025-05-05 22:17:55 UTC Browser: 2025-05-05 22:17:55 UTC Domain configuration Match HTTPS Server: https://password.bsolutions.at/admin/diagnostics Browser: https://password.bsolutions.at/admin/diagnostics HTTP Response validation Ok Support If you need support please check the following links first before you create a new issue: [Vaultwarden Forum](https://vaultwarden.discourse.group/) | [Github Discussions](https://github.com/dani-garcia/vaultwarden/discussions) You can use the button below to pre-generate a string which you can copy/paste on either the Forum or when Creating a new issue at Github. We try to hide the most sensitive values from the generated support string by default, but please verify if there is nothing in there which you want to hide! ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.33.2 * Web-vault version: v2025.1.1 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.48.0 * Environment settings overridden!: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: disabled * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**********************", "domain_origin": "*****://**********************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": false, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "fido2-vault-credentials", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*********************", "smtp_from_name": "Vaultwarden", "smtp_host": "******************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "*********************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": "105932", "yubico_secret_key": "***", "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.33.2 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy nginx version: nginx/1.18.0 (Ubuntu) ### Host/Server Operating System Linux ### Operating System Version Ubuntu 20.04.6 LTS ### Clients Android ### Client Version 2025.4.0 ### Steps To Reproduce Start the Android APP Login with self hostet server Add my server with https://servername.domain.tld Fill in the Mail Adress Continue Fill in the Passwort Login with Master Passwort ### Expected Result Login to the Vaultwarden tresor ### Actual Result The App shows this Error An error occurred. We couldn't verify the server's certificate. The certificate chain or proxy settings on your device or Bitwarden server may not be set up correctly. ![Image](https://github.com/user-attachments/assets/30daf39d-074a-4f65-8a7f-db89197cfc23) ### Logs ```text on the nginx no access or error logs are shown from the android phone ``` ### Screenshots or Videos _No response_ ### Additional Context The iphone app works without any Problems. ` 10.0.1.239 - - [06/May/2025:00:24:51 +0200] "GET /api/sync HTTP/1.1" 401 440 "-" "Bitwarden_Mobile/2025.3.0 (iOS 18.4.1; Model iPhone)" 10.0.1.239 - - [06/May/2025:00:24:51 +0200] "POST /identity/connect/token HTTP/1.1" 200 1065 "-" "Bitwarden_Mobile/2025.3.0 (iOS 18.4.1; Model iPhone)" 10.0.1.239 - - [06/May/2025:00:24:51 +0200] "GET /api/sync HTTP/1.1" 200 2831469 "-" "Bitwarden_Mobile/2025.3.0 (iOS 18.4.1; Model iPhone)" ` Also the Webversion is working well. I also can access to the webversion from the chrome browser on the android phone. So DNS, IP works. HTTP also works from the android phone here my nginx config `server { server_name server.tld.at; listen 80; listen [::]:80; return 301 https://$host$request_uri; } server { # passwork Webservice listen 443 ssl; server_name server.tld.at; access_log /var/log/nginx/xxx-ssl.access.log; error_log /var/log/nginx/xxx-ssl.error.log; client_max_body_size 525M; ssl_certificate /opt/nginx/xxx.at.crt; ssl_certificate_key /opt/nginx/xxx.at.key; location / { proxy_pass http://10.0.1.101:38080/; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } `

AtHeartEngineer closed this issue

2025-07-08 08:39:44 -04:00

AtHeartEngineer added the bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug labels 2025-07-08 08:39:46 -04:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#93