Bitwarden On Premise - Docker SSL

Hello Everyone!

I’m having a bit of a hard time configuring Bitwarden On-Premise on Docker with SSL.
I’ve the following setup:
PFSense Firewall with SQUID Reverse Proxy
Bitwarden on a NAS in docker.

So Bitwarden is BEHIND a ReverseProxy (Squid)

I’ve configured Squid on PFSense with a wildcard certificate through ACME, configured as follows:
- mydomain.com
- *.mydomain.com

I then used this wildcard certificate for the Squid Reverse Proxy.
I then tried to check whether everything is OK up to this point, and according to https://www.digicert.com/help/
it all seems to be OK. (I also had to configure the Intermediate Certificate in Squid.)

I then created (through ACME again) a certificate for Bitwarden: http://bw.mydomain.com.
I took the fullchain certificate (the one that also includes the intermediate certificate) and the private key.
I then applied it to my webserver (nginx).
When I try to connect through https://bw.mydomain.com I receive the following error:

The system returned:

(92) Protocol error (TLS code: SQUID_X509_V_ERR_DOMAIN_MISMATCH)

Certificate does not match domainname: /CN=mywebsite.mydomain.com

To check, I reached my website from my internal network, and obviously I receive a certificate error because it tells me that the certificate is ONLY VALID for bw.mydomain.com.

What am I missing here?
Thanks in advance.

Can anyone help me out?

This seems like a problem with your Squid configuration? I would double-check and make sure it’s configured properly. Nevertheless, I much prefer an Nginx reverse proxy over Squid; Squid can be a nightmare at times. Though, following this thread here, https://forum.netgate.com/topic/98298/pfsense-2-3-nginx-questions/17, there doesn’t seem to be an easy way to do this, that’s if you’re interested. Nevertheless, I would double-check your config; if Squid supports SNI, it’s sending the wrong cert.
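
The name comparison behind a domain-mismatch error like the one quoted above, as an added example that is not part of the original posts and is not Squid's own code. It applies the usual rule that a `*` covers exactly one leftmost label; the name lists are constructed from the names mentioned in the thread, and `nas.lan` is a hypothetical internal name.

```python
# Added illustration: certificate name matching, not Squid's implementation.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def name_matches(cert_name, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    c, h = _labels(cert_name), _labels(hostname)
    if len(c) != len(h):
        return False  # a '*' stands for exactly one label, never zero or two
    if c[0] == "*":
        # Only a whole leftmost-label wildcard is handled; '*.com' is refused.
        return len(c) > 2 and c[1:] == h[1:]
    return c == h

def check(expected_host, cert_names):
    """Return (ok, matching_names) for the name the verifier expects."""
    matched = [n for n in cert_names if name_matches(n, expected_host)]
    return bool(matched), matched

# Constructed name lists modelled on the two certificates in the thread.
WILDCARD_CERT = ["mydomain.com", "*.mydomain.com"]   # on the reverse proxy
BACKEND_CERT = ["bw.mydomain.com"]                   # on the nginx backend

if __name__ == "__main__":
    # 'nas.lan' is a hypothetical internal name, not taken from the thread.
    for host, names in [
        ("bw.mydomain.com", WILDCARD_CERT),
        ("bw.mydomain.com", BACKEND_CERT),
        ("mywebsite.mydomain.com", BACKEND_CERT),
        ("nas.lan", BACKEND_CERT),
    ]:
        ok, matched = check(host, names)
        result = f"match {matched}" if ok else "DOMAIN MISMATCH"
        print(f"{host:24} vs {names}: {result}")
```

A mismatch means the name used to reach a server differs from every name in the certificate that server presents, so running the check per hop (client to proxy, proxy to backend) shows which hop is affected.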