Make Let's Encrypt certificate work with new domain and mobile app

Hi guys,

I’m a newbie, I just put Bitwarden on my Ubuntu VM. I followed instructions found on the official page and on the web. So far, I’m impressed with how the plugin works. But I need to start using it with mobile devices such as Android and iOS.

I originally expected to use it locally and access it via VPN, but it seems that for Android I still need an SSL cert from a CA like Let’s Encrypt?

I just need to clarify the steps for obtaining SSL cert from Let’s Encrypt, verifying, configuring local DNS and access via domain name over the LAN.

What I have so far.

  • Working Bitwarden and verified instance on Ubuntu VM.
  • Free No-IP domain, ex: blablasecure.ddns.n e t
  • MS AD DNS machine - although it sits on another VLAN that I use for work, it is currently allowed to connect to Bitwarden, which also sits on its own /30 VLAN.

My Bitwarden was configured with self-signed certificate.

Let me know if my logic is correct to make SSL work and/or make it accessible from the WAN side (although I’m OK with using a VPN).

  • Install certbot app via SSH on Bitwarden VM (Ubuntu) and point to blablasecure.ddns.n e t as a domain and generate the cert. I’m not so clear how to verify the domain…
  • Create blablasecure.ddns.n e t zone and A record with Bitwarden LAN IP to match that domain.
  • Modify eth0 and point OS DNS to my Windows DNS server once SSL cert is verified.
  • Export cert files via portal or SSH and import to Android phone.
  • Set up a reverse proxy to make https:// from the LAN.

Thank you.

You need to have a valid cert for your installation. Either use the built-in certbot or use a reverse proxy with an SSL cert configured.

If it’s a self-signed cert, you will need to add it to the trusted store on the devices on which you are using the Bitwarden app.

Additional info here:

I copied the cert file and placed it on the Android phone. I don’t see a section with a trusted store on this Samsung version of Android, it only has user certificates. Later, I found this page, does it make sense in my case?

I have to invest more into the certbot way as I feel that for passwords it’s better to use a real CA cert. But I just wanted to test the mobile app.

As far as security is concerned, the CA won’t matter. I.e. the self-signed one will be equally secure. But for convenience, it definitely will.

Likely I’m doing it incorrectly, but do you know the file system location of my self-signed cert in Ubuntu?
Also, does it matter for the app if it is generated with an IP or a DNS name?
I wanted to try the app before plunging into Let’s Encrypt.