Accept Invalid Certs and Accept Invalid Hostnames are False

bartAV · July 25, 2022, 9:23am

I notice that these options are marked red in the admin panel.

Accept Invalid Certs (Know the risks!) Default: false
Accept Invalid Hostnames (Know the risks!) Default: false

How do I fix that?
I’m running Vaultwarden in e Docker container starting with smtp settings:

-e SMTP_HOST=mail.server.com
-e SMTP_SECURITY=starttls
-e SMTP_FROM=info@server.com
-e SMTP_USERNAME=info@server.com
-e SMTP_PASSWORD=my-password

which work well.

Apache proxy is configured:

/etc/apache2/sites-enabled/vw.server.com

<IfModule mod_ssl.c>
<VirtualHost ip-address:443 [ipv6-address::4]:443>
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    ServerAdmin webmaster@server.com
    ServerName vw.server.com

    SSLEngine On
    Include /etc/letsencrypt/options-ssl-apache.conf

##logging
    ErrorLog /bw-data/bitwarden-error.log
    CustomLog /bw-data/bitwarden-access.log combined

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [P,L]

    ProxyPass / http://localhost:9011/

        ProxyPreserveHost On
        ProxyRequests Off
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s

    </IfModule>

    SSLCertificateFile /etc/letsencrypt/live/server.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/server.com/privkey.pem
</VirtualHost>
</IfModule>

What do I miss so that invalid certs are accepted? Or does this not matter, because the cert is managed by apache with the proxy?

BlackDex · July 25, 2022, 9:37am

They are red because they are risky to use. They could cause security issues.

All items which contain Risk will be marked red.
It’s not an issue, just that you are aware of using that feature.

bartAV · July 25, 2022, 9:40am

Can I prevent it? Or is this a consequence of using the apache proxy?

BlackDex · July 25, 2022, 9:41am

Prevent what?
It’s just a notice so that people are a bit more aware of that those options are risky to use when set to enabled. If you do not use them there is no issue.

bartAV · July 25, 2022, 9:55am

Is it possible to set these settings to true from docker startup script? like -e …

BlackDex · July 25, 2022, 10:27am

Yes, but why would you want to do that?
It is only needed if your SMTP doesn’t use a valid certificate.
This has nothing to do with HTTPS or whatever.

Topic		Replies	Views
Unable to install vaultwarden on docker (Ubuntu 20.04)	8	1524	February 22, 2022
IOS app giving SSL errors Help	4	2357	October 25, 2021
Configuring HTTPS - diagnostics error Help	2	1410	September 2, 2022
Self-hosted instance with HTTPS	5	2244	February 20, 2022
[Solved] Problem with the Android App "Hostname not verified" Help	5	6860	September 29, 2023

Accept Invalid Certs and Accept Invalid Hostnames are False

Related Topics