I’m noticing a lot of entries in a log file found here: /home/bitwarden/bwdata/logs/nginx:
2023/01/30 00:10:24 [error] 42#42: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status>
2023/01/30 00:36:07 [error] 42#42: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status>
2023/01/30 00:36:13 [warn] 42#42: *19907 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/6/00/0000000006 while reading upstream, client: 98.246.255>
These errors repeat over and over.
In my config.yml file it references this path for my certificate: ssl_certificate_path: /etc/ssl/bitwarden.glenspcservice.com/certificate.crt
The path that certificate is really in is: /home/bitwarden/bwdata/ssl/bitwarden.glenspcservice.com
The nginx default.conf file even has the certificate: /etc/ssl/bitwarden.glenspcservice.com/certificate.crt
With all this seeming to disagree I’m not sure how this Bitwarden install is working with a secure site but it is.
When I load the site and click on the padlock: Issued By Common Name (CN) R3
Organization (O) Let’s Encrypt Issued On Sunday, December 18, 2022 at 8:44:58 AM
Expires On Saturday, March 18, 2023 at 9:44:57 AM
Port 80 & 443 are blocked by my ISP. Using Certbot required DNS validation.
When I originally configured everything I thought my cert was issued by my web host so I chose NO when the setup questions asked about a LE certificate. When it came to installing it on my server I manually created the files in the /bwdata/ssl/bitwarden.glenspcservice.com directory because that’s how I saw it in the guide I was following.
It seems I should probably fix this since this really is a LE cert and these errors are likely being generated because I did these manual things.
Is this easily fixable? What would be the process for switching from this “self-managed” cert to a LE one?