Resolved!
TLDR:
Background:
-Self-Hosted Vaultwarden, docker container, on Synology NAS
-[Sudden] login failure error
-Bitwarden desktop client login failed
-Chrome/Brave extension login failed
-Edge extension login successful
-iPhone/iPad app login successful
Root Cause:
-old/deprecated docker image
Resolution:
-spun up Watchtower container for long-term fix
-Watchtower automatically detected and updated Vaultwarden image and recreated container with latest image
-manually pruned all unused Docker images
STORY TIME
Had same issue with my self-hosted vaultwarden container after a fresh Windows 11 install. I was also suddenly unable to login on my Mac laptop.
I was absolutely sure I was using the correct username/password, but kept getting the “Invalid username/password” error when logging in to the Bitwarden Desktop app and Brave/Chrome extensions. Somehow, our iPhone Bitwarden apps were still working, and I was able to login using the Bitwarden extension for Edge.
I’ve spent many hours over several days reading stuff online and found a lot of people experienced the same issue over several years, spanning over various versions. Discussion threads would just end and go stale without any real working solutions.
For self-hosted instances, it seemed to me that this issue occurs whenever a container is using a deprecated vaultwarden/server image.
So I ssh’d into my server and ran a few docker commands.
#To get my current Vaultwarden docker container ID
$ sudo docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
273aebcda9c7 vaultwarden/server:latest "/start.sh" 33 minutes ago Up 33 minutes (healthy) 0.0.0.0:3012->3012/tcp, 0.0.0.0:5555->80/tcp vaultwarden-serve
#To inspect the container and see which image it’s using
$ sudo docker container inspect 273aebcda9c7
sections of the resulting output clued me in that my container was definitely using an old image…
"Labels": {
"org.opencontainers.image.created": "2021-04-30T14:49:52+00:00",
"org.opencontainers.image.documentation": "https://github.com/dani-garcia/vaultwarden/wiki",
"org.opencontainers.image.licenses": "GPL-3.0-only",
"org.opencontainers.image.revision": "1e5306b8203a7ebe24047910e6c690c18c6d827a",
"org.opencontainers.image.source": "https://github.com/dani-garcia/vaultwarden",
"org.opencontainers.image.url": "https://hub.docker.com/r/vaultwarden/server",
"org.opencontainers.image.version": "1.21.0"
Then, I also decided to prune any unused docker images
$ sudo docker image prune -a
At this point, I knew my next step was to update my docker image – which I’ve never done before. And I was scared that I’d somehow lose my vault if I messed things up. Then, I remembered somewhere in my research that someone mentioned a “watchtower” docker which automates docker image updates. This seemed like a much better short-term and long-term solution for this issue.
https://containrrr.dev/watchtower/
Thanks to all the wonderful contributors to this small but outstanding docker!
So I used the quick-start script and spun up a Watchtower container. I then stopped it to add an Environment Variable: “WATCHTOWER_RUN_ONCE”, with a value of “true”, to force a one-time update of all running containers.
With my Vaultwarden container running, I restarted the Watchtower container. After a few minutes, I got a notification from my server that my Vaultwarden container had stopped unexpectedly, indicating that Watchtower was doing its job. The container logs also provides good documentation.
Once I verified Vaultwarden was running, and I was able to pull up and login to the webvault, I tried logging into the Desktop client and Chrome/Brave extensions.
Success!
Everything works again!
Hopefully this helps other people experiencing the same issue.