So, I’m going to skip some of the other hurdles that I’ve had, but want to give a little bit of background.
I’ll be running this on my LAN only for now, and I do not have nor intend to obtain a registered domain with an SSL certificate from a public CA at this time. However, I do not want to go with a generic self-signed certificate because I want the mobile apps to be able to connect, which the Android app (at least) would NOT do using the simple self-signed certificate created by the installer.
So I did do some testing with it set up that way, but then blew away the install and started over.
I should point out here that I have not previously set up SSL with anything more than a self-signed certificate.
I have created a CA on the LAN, created a certificate for bitwarden.myfakedomain.local with that CA, and imported the CA certificate into the client device I’ll be using for testing. I followed a how-to after reading several of them, and I’m pretty sure I did all that correctly.
I also configured dnsmasq on a server on my LAN, and have ensured that the IP of my dnsmasq instance is being sent as the primary DNS to all DHCP clients on my LAN. With this in place, bitwarden.myfakedomain.local (that’s not actually what I’m calling it) resolves properly on my LAN, which is all I need it to do.
I struggled a little bit with the initial start process at the end of the Bitwarden install script, because it kept getting stuck on starting nginx. Turned out I needed to extract a key and .crt from 2 .pem files I generated instead of trying to just use the .pem.
Having moved past that, I was able to do the initial start, and according to the terminal output everything looks great and Bitwarden is running.
But I can’t access the web GUI and the nginx log has this:
SSL_CTX_load_verify_locations("/etc/ssl/bitwarden.myfakedomain.local/ca.crt") failed (SSL:)
So this makes me think something is still not right with the SSL setup, but I don’t understand the error well enough to know what, and googling hasn’t turned up anything useful to me. I can only say that the path noted there is correct, and that .crt file does exist.
I’m hoping this is an easy one for someone more experienced. I appreciate any suggestions.
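An added example, not part of the original post: Python's `ssl.SSLContext.load_verify_locations` is implemented with the same OpenSSL call named in the log line, so this script loads a file through it and lists the PEM block labels the file contains. The function names and the two sample files are constructed for illustration.

```python
import re
import ssl
import sys
import tempfile
from pathlib import Path

# Matches PEM armor lines such as "-----BEGIN CERTIFICATE-----".
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_block_labels(path):
    """Return the label of every PEM block in the file, in order."""
    return PEM_BEGIN.findall(Path(path).read_text(encoding="latin-1"))


def check_ca_file(path):
    """Load `path` as a CA bundle; return (ok, detail)."""
    labels = []
    try:
        labels = pem_block_labels(path)
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # CPython implements this with OpenSSL's SSL_CTX_load_verify_locations().
        ctx.load_verify_locations(cafile=str(path))
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return False, f"load failed ({exc}); PEM blocks found: {labels or 'none'}"
    return True, f"loaded; PEM blocks found: {labels}"


def constructed_samples(directory):
    """Write two constructed files that cannot serve as a CA bundle."""
    empty = Path(directory) / "empty.crt"
    empty.write_text("")
    key_only = Path(directory) / "key_only.crt"  # key material where a cert is expected
    key_only.write_text(
        "-----BEGIN PRIVATE KEY-----\n"
        "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\n"  # constructed bytes, not a real key
        "-----END PRIVATE KEY-----\n"
    )
    return empty, key_only


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Paths given on the command line are checked instead of the samples.
        for p in sys.argv[1:] or constructed_samples(tmp):
            ok, detail = check_ca_file(p)
            print(f"{p}: {'OK' if ok else 'FAIL'} - {detail}")
```

Run it with the path from the log line as an argument to check that file instead of the constructed samples.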