Accept Invalid Certs and Accept Invalid Hostnames are False

I notice that these options are marked red in the admin panel.

Accept Invalid Certs (Know the risks!) Default: false
Accept Invalid Hostnames (Know the risks!) Default: false

How do I fix that?
I’m running Vaultwarden in e Docker container starting with smtp settings:

-e SMTP_SECURITY=starttls
-e SMTP_PASSWORD=my-password

which work well.

Apache proxy is configured:


<IfModule mod_ssl.c>
<VirtualHost ip-address:443 [ipv6-address::4]:443>
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1


    SSLEngine On
    Include /etc/letsencrypt/options-ssl-apache.conf

    ErrorLog /bw-data/bitwarden-error.log
    CustomLog /bw-data/bitwarden-access.log combined

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /notifications/hub(.*) ws://localhost:3012/$1 [P,L]

    ProxyPass / http://localhost:9011/

        ProxyPreserveHost On
        ProxyRequests Off
        RequestHeader set X-Real-IP %{REMOTE_ADDR}s


    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/

What do I miss so that invalid certs are accepted? Or does this not matter, because the cert is managed by apache with the proxy?

They are red because they are risky to use. They could cause security issues.

All items which contain Risk will be marked red.
It’s not an issue, just that you are aware of using that feature.

Can I prevent it? Or is this a consequence of using the apache proxy?

Prevent what?
It’s just a notice so that people are a bit more aware of that those options are risky to use when set to enabled. If you do not use them there is no issue.

Is it possible to set these settings to true from docker startup script? like -e …

Yes, but why would you want to do that?
It is only needed if your SMTP doesn’t use a valid certificate.
This has nothing to do with HTTPS or whatever.