Hi all.
I encountered a certificate problem when using Vaultwarden in a docker container on Synology (Xpenology), please help.
Yesterday I spent the whole day trying to solve this problem and it did not work 
I read the Wiki but unfortunately did not understand how to solve my problem.
Describing what I did:
I want Vaultwarden to be available only when connected to my VPN.
On Synology, I downloaded and installed Docker, then I installed the vaultwarden image, set port 8080.
The final http address of vaultwarden is: http:// 192.168.1.138:8080 , but https is required for registration.
Next, I set up Reverse-proxy in Synology, Proctol: https, port 443, address: vaultwarden.
Final https:// vaultwarden.local
After that, I was able to register in the system, open it on my home PC, connect through the browser extension.
But when opening https:// vaultwarden.local in Chrome on Android (connected via Wi-Fi to the home network), the page did not open, as I understand it, due to the fact that the request goes anyway through Google DNS, the Bitwarden app on the phone didnât connect for the same reason.
I installed an Android emulator on a PC and tried to open a link on it in a browser - the site does not open. The Bitwarden app didnât work on the emulator either.
I realized that the link https:// 192.168.1.138:8080 is needed so that I can open it on my phone in the browser and in the application. I exported the Synology certificates and tried using it in the ROCKET_TLS variable. After that, I managed to open the page in the browser on the phone, but in the application I began to receive the error âException message: java.security.cert.CertPathValidationException: Trust anchor for certification path not foundâ.
Then I decided to try forwarding ports on the router for Synology. I set up DuckDNS on Synology in DDNS and got certificates in Letâs n Encrypt. Exported the received certificates, there were 6 pieces in the archive: ECC-cert.crt, ECC-fullchain.pem, ECC-key.pem, RSA-cert.crt, RSA-fullchain.pem, RSA-key.pem (could have made a mistake in the names ). After that, I disabled port forwarding and any external access to Synology. Next, I tried using the combinations ECC-fullchain.pem, ECC-key.pem or RSA-fullchain.pem, RSA-key.pem in the ROCKET_TLS variable, as a result:
On PC
The page https:// 192.168.1.138:8080 opens, the browser extension is connected.
On the phone
Page https:// 192.168.1.138:8080 opens, Bitwarden app error âException message: java.security.cert.CertPathValidationException: Trust anchor for certification path not foundâ
Tell me what am I doing wrong?
How can I correctly configure vaultwarden on Synology so that it is only accessible via VPN, there is no access to it from an external network and the Bitwarden application works on Android?