Bitwarden CLI conencting to vaultwarden: unable to verify first certificate

Calzone0346 · August 11, 2025, 9:02am

Hello everyone,
I am running a vaultwarden server as docker, I am using nginx reverse proxy manager which is the entrance point for all my docker containers. In nginx proxy manager I have a self signed wildcard certificate which I do use for all my containers.

Now bitwarden with my vaultwarden setup works fine - the app, browser extension and web never had any issue.
Today I wanted to try the bitwarden cli, but I do receive this error message:

.\bw.exe config server https://password.domain.lan/
Saved setting `config`.Unable to fetch ServerConfig from https://password.domain.lan/api FetchError: request to https://password.domain.lan/api/config failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (C:\snapshot\clients\node_modules\node-fetch\lib\index.js:1505:11)
    at ClientRequest.emit (node:events:519:28)
    at emitErrorEvent (node:_http_client:101:11)
    at TLSSocket.socketErrorListener (node:_http_client:504:5)
    at TLSSocket.emit (node:events:519:28)
    at emitErrorNT (node:internal/streams/destroy:169:8)
    at emitErrorCloseNT (node:internal/streams/destroy:128:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
Unable to fetch ServerConfig from https://password.domain.lan/api FetchError: request to https://password.domain.lan/api/config failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (C:\snapshot\clients\node_modules\node-fetch\lib\index.js:1505:11)
    at ClientRequest.emit (node:events:519:28)
    at emitErrorEvent (node:_http_client:101:11)
    at TLSSocket.socketErrorListener (node:_http_client:504:5)
    at TLSSocket.emit (node:events:519:28)
    at emitErrorNT (node:internal/streams/destroy:169:8)
    at emitErrorCloseNT (node:internal/streams/destroy:128:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}

The certificate is trusted on my local PC, powershell should trust it too as far as I know. Maybe there is something missing in my reverse proxy?

Topic		Replies	Views
Using Bitwarden Password Manager CLI with VaultWarden and self-signed certificate Help	1	580	October 12, 2024
Bitwarden client on linux - connection problems Help	1	962	July 4, 2022
Vaultwarden and Nginx Proxy Manager Help	35	44892	January 3, 2025
Issues with certificates for Vaultwarden on Synology(Xpenology ) Help	0	807	June 27, 2022
Need EASY step-by-steps to enable HTTPS Help	12	75818	July 12, 2024

Bitwarden CLI conencting to vaultwarden: unable to verify first certificate

Related topics