I’m running DietPi as a VM, and I had to change its static IP address. I searched high and low through the UI, the Dashboard UI, Vaultwarden, online documentation, and Google/ChatGPT search and could not find how to update the Vaultwarden LetsEncrypt SSL cert.
I know that it creates this SSL cert during installation. However, I found no ability to update it once my LAN IP address changed. Ultimately, I exported my list from Vaultwarden. Uninstalled. And then re-installed and set up again from scratch. That seems to have worked - my cert now shows the new IP in the cert.
Is there a way to manually kick off the regeneration? Any way to bake this into the Dashboard, CLI, or did I miss documentation on this?
Vaultwarden is the only software installed here. (posting also in case anyone else needs help)
You won’t find anything there either. To simplify installation, we have created our own DietPi Debian package, which we use to install Vaultwarden. The certificates are also created during installation of the Debian package using apt.
You could now go ahead and delete the current certificates manually and then reinstall Vaultwarden via apt. The configuration and user settings, etc. should remain intact. Only the certificates should be recreated.
I don’t have my device externally facing. When I changed the LAN IP, I did get security errors whereas previously, with the old IP, I did not after adding it to my devices’ certificate authority store.
Shrug. I’m not sure if it truly matters or not as you say.
Regardless, I felt it was important to surface how the process would work because at some point it might be necessary for folks to refresh their self-signed cert and I couldn’t find that documented anywhere.
If it’s not available to the internet, I see no reason why you need a cert then. What communication do you want to protect? The connection from your PC to the VM inside your own LAN?
Just because it’s not on the internet doesn’t mean I’m going to minimize security. I’m still going to use strong passwords and encrypt the traffic because it literally has access to alllll of my accounts. So I’m going to do everything I can to protect that. Yes, I realize that SSL only encrypts the browser traffic, but the point is I’m still not going to leave any potential attack vector open, if it can be avoided.
Yup. And the whole reason I brought this up is because I originally saved the cert with my old LAN IP. When I switched IPs my iPhone stopped working. So I reset the cert but I’m still having issues with the app. FWIW, I am in IT (although, not as familiar with servers and SSL to be fair), have been for 25 years. I think I might need to do some more troubleshooting… but for now, at least I’ve got it on my desktop.
Yup. I was able to remove the cert profile in iOS (I think) and then downloaded and installed the newest. But still having trouble. But I’ll post in another topic if I can’t figure it out.
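
To confirm whether a certificate actually covers the LAN address clients connect to, which is what changed in this thread, here is an added example (not from the thread or from DietPi) that tests a certificate's IP subjectAltName with openssl. The two addresses and the throwaway certificate are constructed sample values, and `fetch_cert` takes a host and port you supply.

```shell
#!/bin/sh
# Added example. Addresses are constructed sample values, not from the thread.
OLD_IP=192.168.1.10
NEW_IP=192.168.1.20

# make_cert <ip> <dir>: throwaway self-signed cert whose only SAN is IP:<ip>
# (stands in for the cert created at install time; needs OpenSSL 1.1.1+).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vaultwarden-example" -addext "subjectAltName=IP:$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# fetch_cert <host> <port>: print the PEM certificate a live server presents.
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | openssl x509
}

# cert_covers_ip <cert.pem> <ip>: exit 0 only if the cert is valid for <ip>.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

# report <cert.pem> <ip>: one-line verdict for a certificate/address pair.
report() {
    if cert_covers_ip "$1" "$2"; then echo "$2: covered"
    else echo "$2: NOT covered, clients will show a certificate error"; fi
}

# demo: a cert issued for the old address is checked against both addresses.
demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$OLD_IP" "$dir" || return 1
    report "$dir/cert.pem" "$OLD_IP"
    report "$dir/cert.pem" "$NEW_IP"
    rm -rf "$dir"
}
demo
```

Against a running instance, save the output of `fetch_cert <host> <port>` to a file and pass that file and the current LAN address to `report`.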