SSO / Identity containers certificate error

I’ve installed Bitwarden as per Linux Manual Deployment | Bitwarden Help Center.

I am running on RHEL9.4, using podman-compose 1.0.6; podman version is 4.9.4.

We use the standard podman-compose -d command to start the containers. After a battle with SELinux, most of them come up fine with no further errors, apart from sso and identity.

For these two we get the same error:

Unhandled exception. System.Exception: No identity certificate to use.
   at Bit.SharedWeb.Utilities.ServiceCollectionExtensions.AddIdentityServerCertificate(IIdentityServerBuilder identityServerBuilder, IWebHostEnvironment env, GlobalSettings globalSettings) in /home/runner/work/server/server/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs:line 519
   at Bit.Identity.Utilities.ServiceCollectionExtensions.AddCustomIdentityServerServices(IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings) in /home/runner/work/server/server/src/Identity/Utilities/ServiceCollectionExtensions.cs:line 25
   at Bit.Identity.Startup.ConfigureServices(IServiceCollection services) in /home/runner/work/server/server/src/Identity/Startup.cs:line 135
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Void** arguments, Signature sig, Boolean isConstructor)
   at System.Reflection.MethodBaseInvoker.InvokeDirectByRefWithFewArgs(Object obj, Span`1 copyOfArgs, BindingFlags invokeAttr)
   at System.Reflection.MethodBaseInvoker.InvokeWithOneArg(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.InvokeCore(Object instance, IServiceCollection services)
   at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.UseStartup(Type startupType, HostBuilderContext context, IServiceCollection services, Object instance)
   at Microsoft.Extensions.Hosting.HostBuilder.InitializeServiceProvider()
   at Microsoft.Extensions.Hosting.HostBuilder.Build()
   at Bit.Identity.Program.Main(String[] args) in /home/runner/work/server/server/src/Identity/Program.cs:line 10
Unhandled exception. System.Exception: No identity certificate to use.

The containers run long enough to confirm that the certificates, private key and PFX are present in /etc/bitwarden/identity (within the container), so I know the volumes are being mounted correctly (also tested with working containers to confirm).

There are no permission errors, so I don’t think that is the issue. I’ve even tried running with normal docker vs podman, but the same issue is present.

I thought it could be the env file but the uid.env is passed through correctly.

I cannot work out what else it might be. Any help would be very much appreciated.

Thanks

Expected Result

Containers to run successfully without error

Actual Result

For these two containers (sso / identity) we get the same error :

Unhandled exception. System.Exception: No identity certificate to use.

Build Version

latest tag

Environment

Self-Hosted

Environment Details

RHEL9.4, podman compose

@sjwilkinson Welcome to the forum!

I would suggest filing a bug report (“New Issue”) on GitHub.

Hi @grb,

This is what I originally did and was redirected here.

I may have to go through formal support for this if nobody is able to assist. (Unless I manage to resolve it in the meantime.)

Thanks,

In case it helps anyone else, I have resolved this.

This setting MUST be added to global.env / global.override.env for self-hosted instances:

globalSettings__selfHosted=true

This is missing from the documentation completely (as best I can tell).

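A preflight check for the setting named in the resolution above, as an added example that is not part of the original thread or Bitwarden's own tooling. It assumes the env files are passed in the order compose loads them, so that a later file (such as global.override.env) overrides an earlier one; the file paths are whatever your deployment uses.

```shell
#!/bin/sh
# Added example: report the effective value of globalSettings__selfHosted
# across one or more env files before starting the containers.
# Assumption: files are given in load order; the last assignment wins.

# effective_self_hosted FILE...
# Prints the last assigned value (lower-cased), or "unset" if never assigned.
effective_self_hosted() {
    value="unset"
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Skip comments and lines without "="; compare the key
        # case-insensitively, as .NET configuration keys are case-insensitive.
        found=$(awk -F= '
            /^[ \t]*#/ { next }
            !/=/       { next }
            tolower($1) == "globalsettings__selfhosted" {
                val = substr($0, index($0, "=") + 1)
                sub(/[ \t\r]+$/, "", val)   # tolerate CRLF line endings
                last = tolower(val); seen = 1
            }
            END { if (seen) print last }' "$f")
        [ -n "$found" ] && value="$found"
    done
    printf '%s\n' "$value"
}

# check_self_hosted FILE...
# Returns 0 only when the effective value is "true".
check_self_hosted() {
    v=$(effective_self_hosted "$@")
    if [ "$v" = "true" ]; then
        echo "OK: globalSettings__selfHosted=true"
        return 0
    fi
    echo "FAIL: globalSettings__selfHosted is '$v' (expected true)" >&2
    return 1
}

# Stand-alone use: sh check.sh global.env global.override.env
if [ "$#" -gt 0 ]; then
    check_self_hosted "$@"
fi
```
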

Thanks @sjwilkinson, I’ve shared this with the documentation team to take a look.


Thank you @sjwilkinson. The solution also worked for me, and I’m rebuilding our self-hosted server with Rocky Linux 9.4.
