Bitwarden_rs updating config file

Hi guys,

I’ve installed Bitwarden_rs using dietpi-software and it all seems to be working.

I want to do some hardening, like disabling new user registrations and invitations.

So I followed the dietpi guide which indicates the config file is located at /mnt/dietpi_userdata/bitwarden_rs/bitwarden_rs.env

So I uncommented/edited the file with


I restarted my RPi, but it still seems to show the Create Account button?

Am I doing it right?


did you actually tried to complete the registration of a new user? There are some messages on Bitwarden Github about the register button still being available but final registration should not work

Ah, you are indeed correct. I incorrectly assumed the disabling registrations in the config would also logically disable the button.

I’m now trying to figure out how add the root certificate in iOS. I transferred cert.pem to the device and installed the profile, but the BitWarden iOS app doesn’t seem to like it. It reports an invalid certificate.

Or do I need to do something like this: Create new page · dani-garcia/vaultwarden Wiki · GitHub

If you can point me in the right direction, I can do some more research on it.

yes this is an issue that will be corrected for new installations on upcoming release 7.0.

On current installations the self signed certificate we create will not be accepted by iOS. Therefore you would need to recreate the entire certificate

Removing the old certificate and following should work

openssl req -reqexts SAN -subj '/CN=DietPi Bitwarden_RS' -config <(cat /etc/ssl/openssl.cnf <(echo -ne "[SAN]\nsubjectAltName=DNS:$(</etc/hostname),IP:$(mawk 'NR==4' /run/dietpi/.network)\nbasicConstraints=CA:TRUE,pathlen:0"))\
 -x509 -days 7200 -sha256 -extensions SAN -out /mnt/dietpi_userdata/bitwarden_rs/cert.pem\
 -newkey rsa:4096 -nodes -keyout /mnt/dietpi_userdata/bitwarden_rs/privkey.pem

Many thanks for the confirmation.

I tried running the command above, but got:

req: Use -help for summary.

ah sorry, there are some spaces lost while copying the code. I corrected the statement above. There is a leading space on line 2 and 3.

Many thanks for your help, I was able to install the certificate.

Unfortunately, I still get the same invalid certificate error when trying to login using the Bitwarden app.

I’m using the IP address of dietpi for the self hosted URL, i.e.

Is this correct?

you need to install the certificate on iOS before. So download the certificate and store it on your mobile device.

One our online docs we describe how to download:

This guide describe how to install the cert files on iOS14

Sorry, I should have been clearer.

I did regenerate the certificate, and also uploaded to my iOS device and installed the certificate. It shows the green tick this time.

I also added full trust via the settings, but still the Bitwarden iOS app would not connect.

I also installed the certificate in Windows 10:

Bitwarden app - failed to fetch
Edge browser - all good, padlock shown
Chrome browser - all good, padlock shown
Firefox browser - works, but still connection not secure warning

Is there anything you would like me to try, or should I wait for the next release?

there will be no other change on the next release, except the certificate configuration you already have. On my test I was able to use the iOS app without issues. Maybe I will run some more test somewhere this weekend.

Ok I tested on current DietPi Beta 7.0 and both, the W10 App as well as iOS App are working with the new certificate settings.

before creating the new certificate, did you deleted the old one? Did you restart your systems after certificate creation?

Thank you for all the help.

I discovered the problem last night when I was testing that the certificate being served was still the old one.

So I restarted the Bitwarden service and everything is now working.

Sorry I did not have the time to update here as it was late. I could have saved you some testing. Sorry for that.

The only remaining thing to solve is the “connection not secure” warning in Firefox when accessing the web vault. I believe Firefox doesn’t use the Windows certificates. More research is needed, but I’m happy to have something functional. Thanks again!

Yes certificate would need to be installed on Firefox as well. However, Firefox is detecting that we manipulate the certificate :face_with_raised_eyebrow: