On-Premise Installation "failed to fetch" on Client and Connector

staedter · August 14, 2018, 9:45am

Hi, I need help with our on-premise Installation of Bitwarden and I hope this is the proper forum to ask this question.

After successfully using the ./bitwarden.sh to get the container running and specifying bitwarden.ourcompany.de as the domain name for the Bitwarden Instance and adding an Host (A) resource for the Server which is running the Docker Containers. I can access Bitwarden with a Browser from our LAN using http://bitwarden.ourcompany.de but when i try to specify this very same address as the base URL in the Windows Client or the Bitwarden Connector I get a “failed to fetch” error.

FYI the URL is not accessible from the Internet because we didn’t put it in a forward lookupzone in our firewall. I think that shouldn’t be a problem, but i might be wrong.

I hope you guys can help me with this. Thanks in advance and best regards

Chris

kspearrin · August 14, 2018, 12:24pm

Are you using a self signed certificate? Is it trusted by the device?

staedter · August 14, 2018, 1:28pm

We’re using no certificate at all.

kspearrin · August 14, 2018, 1:30pm

You have to be using some type of certificate. It is required during installation.

staedter · August 14, 2018, 2:26pm

Ähm, that might be the Error. I did not select to generate a Let’s Encrypt certificate and we do not have a self signed certificate.

Is it possible to fix this at this point, or do I have to reinstall?

kspearrin · August 14, 2018, 2:39pm

Since I don’t know what configuration your installation is currently in, the only suggestion I can give it to reinstall and choose the appropriate cert options.

staedter · August 14, 2018, 3:05pm

Ok, i am now reinstalling. But i get this:

I guess the problem is now, that we only have a local DNS entry for the Bitwarden Instance, right?

kspearrin · August 14, 2018, 8:38pm

Yes, you can’t use Let’s Encrypt with a non-public domain.

staedter · August 15, 2018, 11:52am

Hi Kyle,

right now I am trying to get a self-signed certificate running with docker. After digging into OpenSSL and hopefully getting things configured right, I have a now a certificate.crt (which I bundled from a bitwarden.crt and a ca-root.crt) and a private.key which I got out of the bitwarden-key.pem

I placed these files in bwdata/ssl/bitwarden.ourcompany.de and now tried to reinstall the Docker Containers. The problem now is, that after everything is started, I can see in my Docker GUI (Portainer) that bitwarden-nginx is running and has joined docker_default and exposed Ports :80 and :443

BUT after 10 or 20 seconds the Webserver automatically drops from the Network and does so every time I manually rejoin the network docker_default.

Any Idea what is going on there?

kspearrin · August 15, 2018, 1:39pm

What does the nginx error log say in bwdata/logs?

staedter · August 15, 2018, 2:01pm

2018/08/15 13:42:25 [emerg] 1#1: PEM_read_bio_X509_AUX("/etc/ssl/bitwarden.ourcompany.de/certificate.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

Ok, I guess I didn’t do the OpenSSL stuff correct

Oh, well back to the drawing board.

kspearrin · August 15, 2018, 9:29pm

The install process can generate a self-signed cert for you if you choose.

staedter · August 16, 2018, 7:15am

Hey Kyle, I thought this is only possible for a public domain?

Edit: Ah, never mind. I found it ^^

AshviniJain · December 19, 2019, 8:13am

I have bitwarden aws ec2 instance connected to external MSSQL. I was able to edit the global file and everything was going good. then i edited the global file for admin, and now iam not able to access the bitwarden site itself. It says ‘too many redirects’.
i cleared cookies and tried but still same. and also i removed those snmp configuration to atleast revert back but couldnt.
i guess its something to do with ssl cert, but what iam not sure.