Self-hosted, LAN only, struggling with SSL setup

So, I’m going to skip some of the other hurdles that I’ve had, but want to give a little bit of background.

I’ll be running this on my LAN only for now, and I do not have nor intend to obtain a registered domain with an SSL certificate from a public CA at this time. However, I do not want to go with a generic self-signed certificate because I want the mobile apps to be able to connect, which the Android app (at least) would NOT do using the simple self-signed certificate created by the installer.

So I did do some testing with it set up that way, but then blew away the install and started over.

I should point out here that I have not previously set up SSL with anything more than a self-signed certificate.

So -

I have created a CA on the LAN, created a certificate for bitwarden.myfakedomain.local, with that CA, and imported the CA certificate into the client device I’ll be using for testing. I followed a howto after reading several of them, and I’m pretty sure I did all that correctly.

I also configured dnsmasq on a server on my LAN, and have ensured that the IP of my dnsmasq instance is being sent as the primary DNS to all DHCP clients on my LAN. With this in place, bitwarden.myfakedomain.local (that’s not actually what I’m calling it) resolves properly on my LAN, which is all I need it to do.

I struggled a little bit with the initial start process at the end of the Bitwarden install script, because it kept getting stuck on starting nginx. Turned out I needed to extract a key and .crt from 2 .pem files I generated instead of trying to just use the .pem.

Having moved past that, I was able to do the initial start, and according to the terminal output everything looks great and Bitwarden is running.

But I can’t access the web GUI and the nginx log has this:

SSL_CTX_load_verify_locations("/etc/ssl/bitwarden.myfakedomain.local/ca.crt") failed (SSL:)

So this makes me think something is still not right with the SSL setup, but I don’t understand the error well enough to know what, and googling hasn’t turned up anything useful to me. I can only say that the path noted there is correct, and that .crt file does exist.

I’m hoping this is an easy one for someone more experienced. I appreciate any suggestions.

Thanks!

Have you tried doing some Google searching on this error for nginx? I am not familiar with it.

I have, but what I turned up so far seems to expect a greater level of knowledge than I have regarding the workings of SSL, or to be related to situations too different from mine to be of much use.

I’ll google further and post back here with anything that appears to lead in the right direction, to see if maybe what I find is more helpful to you than to me. 🙂

That error happens when nginx can’t find the file or something is wrong with the file.

Thanks. I may just suck it up and register a domain for this so I can get an SSL certificate the “normal” way. I don’t understand the workings of SSL enough to have any idea what could be wrong with the file I have provided, and I know the paths are correct per the comments in that section of the config.yml file.
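
Added example, not part of the thread and not Bitwarden's or nginx's own code: a small check for the conditions named in the reply above (file not found, or something wrong with the file). Python's `ssl.SSLContext.load_verify_locations` wraps the same OpenSSL call that appears in the nginx log line, so a failure can be reproduced outside nginx; `diagnose_ca_file` is a hypothetical helper name.

```python
import os
import re
import ssl
import sys

# Matches the label of any PEM block header, e.g. CERTIFICATE or PRIVATE KEY.
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def diagnose_ca_file(path):
    """Hypothetical helper: say why a CA file could fail to load."""
    if not os.path.isfile(path):
        return "missing: no regular file at this path"
    if not os.access(path, os.R_OK):
        return "unreadable: check owner and mode for the user running the check"
    with open(path, "rb") as fh:
        raw = fh.read()
    if not raw.strip():
        return "empty: the file has no content"
    labels = sorted(set(PEM_LABEL.findall(raw.decode("latin-1"))))
    if not labels:
        return "not PEM: no BEGIN line found (DER or other binary format?)"
    if "CERTIFICATE" not in labels:
        return "wrong PEM type: found " + ", ".join(labels)
    # Same OpenSSL routine nginx calls; it parses every certificate in the file.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "OpenSSL rejected the file: %s" % exc
    cas = len(ctx.get_ca_certs())
    if cas == 0:
        return "loaded, but no certificate is marked as a CA"
    return "ok: %d CA certificate(s) loaded" % cas


if __name__ == "__main__":
    # Pass the path from the nginx error line as the first argument.
    print(diagnose_ca_file(sys.argv[1]))
```

Run it as the same user, and against the same path, that nginx itself sees; a file that exists on the host can still be absent or unreadable from where nginx runs.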