Setting up HTTPS for Bitwarden_RS using Letsencrypt Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
gasto
Posts: 37
Joined: Fri Dec 04, 2020 2:24 am

Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by gasto »

Hey guys,

I´m finished with the installation of Bitwarden_RS on my Dietpi server. I can access the web interface at https://localip:8001 without any problem, but it says the certificate is invalid.

So I guess I need to let Bitwarden_RS know of my existing HTTPS certificates that Letsencrypt has already generate. So I went and edited bitwarden_rs.env on the ROCKET_TLS section like this:

Code: Select all

ROCKET_TLS={certs="/etc/letsencrypt/live/domain.duckdns.org/fullchain.pem",key="/etc/letsencrypt/live/domain.duckdns.org/privkey.pem"}
However, this breaks Bitwarden_rs and I have to roll back those changes.
Any clues on what could I be doing wrong?

Thank you.
User avatar
Joulinar
Posts: 3234
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by Joulinar »

Hi,

this looks exactly the same as this one on our GitHub https://github.com/MichaIng/DietPi/issu ... -749170631

probably missing authorisation on your certificate.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
gasto
Posts: 37
Joined: Fri Dec 04, 2020 2:24 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by gasto »

Thank you as usual Joulinar. I don´t understand how to do this part then: Best practice would be to copy/overwrite the self-signed key+cert with the ones from Certbot and chown bitwarden_rs:bitwarden_rs /mnt/dietpi_userdata/bitwarden_rs/{privkey,cert}.pem

Needless to say that script to automate renewal :/
gasto
Posts: 37
Joined: Fri Dec 04, 2020 2:24 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by gasto »

Okay, I think I got it now. I copied and overwrited my fullchain.pem and privkey.pem on /mnt/dietpi_userdata/bitwarden_rs folder, but when I execute for example chown bitwarden_rs:bitwarden_rs /mnt/dietpi_userdata/bitwarden_rs/fullchain.pem it says the directory or file does not exist, but it does! If I ls on that directory I can see those files.
gasto
Posts: 37
Joined: Fri Dec 04, 2020 2:24 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by gasto »

Managed to fix the chown command by doing sudo ln -s
However, bitwarden breaks again after doing this.

My ls -al inside my /mnt/dietpi_userdata/bitwarden_rs looks like this:

Code: Select all

total 248
drwxr-xr-x 4 bitwarden_rs bitwarden_rs   4096 Dec 21 18:49 .
drwxrwxr-x 8 dietpi       dietpi         4096 Dec 21 13:54 ..
-rw-r--r-- 1 bitwarden_rs bitwarden_rs  12146 Dec 21 18:07 bitwarden_rs.env
-rw-r--r-- 1 bitwarden_rs bitwarden_rs   1765 Dec 21 13:54 cert.pem
-rw-r--r-- 1 bitwarden_rs bitwarden_rs 208896 Dec 21 17:27 db.sqlite3
lrwxrwxrwx 1 root         root             57 Dec 21 18:47 fullchain.pem -> /etc/letsencrypt/live/domain.duckdns.org/fullchain.pem
drwxr-xr-x 2 bitwarden_rs bitwarden_rs   4096 Dec 21 16:39 icon_cache
lrwxrwxrwx 1 root         root             55 Dec 21 18:46 privkey.pem -> /etc/letsencrypt/live/domain.duckdns.org/privkey.pem
-rw------- 1 bitwarden_rs bitwarden_rs   1193 Dec 21 14:03 rsa_key.der
-rw------- 1 bitwarden_rs bitwarden_rs   1679 Dec 21 14:03 rsa_key.pem
-rw-r--r-- 1 bitwarden_rs bitwarden_rs    270 Dec 21 14:03 rsa_key.pub.der
drwxr-xr-x 8 bitwarden_rs bitwarden_rs   4096 Dec  8 12:01 web-vault
My ROCKET_TLS section on bitwarden conf file:

Code: Select all

ROCKET_PORT=8001
ROCKET_TLS={certs="./fullchain.pem",key="./privkey.pem"}

Any clues? Thank you
User avatar
Joulinar
Posts: 3234
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by Joulinar »

well the symlinc will not fix the permission on the original certificate file. I guess you would need to copy them to /mnt/dietpi_userdata/bitwarden_rs and change ownership
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
gasto
Posts: 37
Joined: Fri Dec 04, 2020 2:24 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by gasto »

Yes, I think I that by using chown bitwarden_rs:bitwarden_rs /mnt/dietpi_userdata/bitwarden_rs/fullchain.pem

But even after that, the result for ls -al is still the same:

Code: Select all

total 248
drwxr-xr-x 4 bitwarden_rs bitwarden_rs   4096 Dec 21 18:49 .
drwxrwxr-x 8 dietpi       dietpi         4096 Dec 21 13:54 ..
-rw-r--r-- 1 bitwarden_rs bitwarden_rs  12146 Dec 21 18:07 bitwarden_rs.env
-rw-r--r-- 1 bitwarden_rs bitwarden_rs   1765 Dec 21 13:54 cert.pem
-rw-r--r-- 1 bitwarden_rs bitwarden_rs 208896 Dec 21 17:27 db.sqlite3
lrwxrwxrwx 1 root         root             57 Dec 21 18:47 fullchain.pem -> /etc/letsencrypt/live/domain.duckdns.org/fullchain.pem
drwxr-xr-x 2 bitwarden_rs bitwarden_rs   4096 Dec 21 16:39 icon_cache
lrwxrwxrwx 1 root         root             55 Dec 21 18:46 privkey.pem -> /etc/letsencrypt/live/domain.duckdns.org/privkey.pem
-rw------- 1 bitwarden_rs bitwarden_rs   1193 Dec 21 14:03 rsa_key.der
-rw------- 1 bitwarden_rs bitwarden_rs   1679 Dec 21 14:03 rsa_key.pem
-rw-r--r-- 1 bitwarden_rs bitwarden_rs    270 Dec 21 14:03 rsa_key.pub.der
drwxr-xr-x 8 bitwarden_rs bitwarden_rs   4096 Dec  8 12:01 web-vault
It´s like both still remain root:root even after executing chown.
User avatar
Joulinar
Posts: 3234
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by Joulinar »

yes because it's still the symlinc. you would need to remove the link and copy the files.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
gasto
Posts: 37
Joined: Fri Dec 04, 2020 2:24 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by gasto »

Do you know how can I remove the link without deleting the file? I searched on Google but I didn´t find any useful link. It says I should execute: rm symlink_name

But that would remove the file itself?
User avatar
Joulinar
Posts: 3234
Joined: Sat Nov 16, 2019 12:49 am

Re: Setting up HTTPS for Bitwarden_RS using Letsencrypt

Post by Joulinar »

no you can just remove the link using rm. To beeee on safe side. Do a dietpi-backup before. This will save your entire system including your certificates. It's always good to have a fall back scenario in case thinks happen ;)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply