Android app shows TLS certificate expired, still has 6 hours of validity

Using Bitwarden on Android, Version 2024.12.0 (19597).

I have a Vaultwarden instance running and hosted on my own domain, no problems for 2 years so far. However, I have come to the realization that today my TLS certificate was going to expire (6:00 GMT). I was trying to sign in with the Android client at 0:30 GMT approximately, and the app threw an error telling me that the certificate is expired. This is false, and after renewing my webserver certificate for 3 more months, the app worked normally.

Is this an intended design? I understand that this error might pop up when the certificate is expired, but the certificate still has 6 hours more of life to be used. I know this might be a small nuance, but I don’t think that just because normally TLS certificates have a 0:00 to 23:59 validity, we should extend this validation to all certificates universally without checking it out.

@zallaevan Welcome to the Bitwarden Community Forum!

It seems that you are having issues with your Vaultwarden server. Vaultwarden is not a Bitwarden product. If you can replicate this issue on a Bitwarden server, feel free to open a new thread.

In the meantime, the best place to seek support for Vaultwarden issues is from the Vaultwarden community:

• https://github.com/dani-garcia/vaultwarden/issues
• https://github.com/dani-garcia/vaultwarden/discussions
• https://vaultwarden.discourse.group/
• https://matrix.to/#/#vaultwarden:matrix.org
• /r/vaultwarden

One take away from this is that certs are best renewed a few days/weeks in advance to avoid outages caused by renewal problems and also so any time-zone related bugs do not get tripped.

Every “for profit” certificate authority I have delt with allows certificate renewals up to 1 month before the expiration and without affecting the anniversary.