Need help with installation / SSL

Hello everyone.
I have installed Vaultwarden on Ubuntu 24.04 following this guide.

For better understanding my issue:

  • This server will not be accessible from the public, only from the LAN
  • our internal domain looks like this “aaa.bbb.local”
  • the server is atm reachable over http under vault.aaa.bbb.local
  • we have bought an SSL certificate at InterSSL for vault.aaa.bbb.de and won't use Let's Encrypt

I have tried to configure a Caddyfile and add the folders to the docker-compose file, but nothing seems to work. Caddy seems to force a connection to Let's Encrypt.
Any help with the configuration of my own certificates would be awesome.

This is my Caddyfile


vault.aaa.bbb.de {
    tls /certs/vault_aaa_bbb_de.crt /certs/vault.aaa.bbb.de.key
    reverse_proxy vaultwarden:80
}


This is my docker file

version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    labels:
      caddy: vault.aaa.bbb.de
      caddy.reverse_proxy: "{{upstreams}}"
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - INVITATIONS_ALLOWED=false
      - ADMIN_TOKEN=<My Key is here>
      - DOMAIN=https://vault.aaa.bbb.de
    volumes:
      - vaultwarden_data:/data
    networks:
      - vaultwarden_network
    depends_on:
      - caddy

  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    container_name: reverse-proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CADDY_INGRESS_NETWORKS=vaultwarden_network
    networks:
      - vaultwarden_network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
      - /srv/caddy/Caddyfile:/etc/caddy/Caddyfile  # Mount custom Caddyfile
      - /srv/caddy/certs:/certs  # Mount certificate directory
    restart: unless-stopped

networks:
  vaultwarden_network:
    external: true
volumes:
  vaultwarden_data: {}
  caddy_data: {}

docker exec -it reverse-proxy ls -l /certs

These are the docker logs of the reverse proxy

{"level":"error","ts":1738758549.5073335,"logger":"http.acme_client","msg":"validating authorization","identifier":"vault.aaa.bbb.de","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"DNS problem: NXDOMAIN looking up A for vault.aaa.bbb.de - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for vault.aaa.bbb.de - check that a DNS record exists for this domain","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/183498604/22421851204","attempt":1,"max_attempts":3}

nslookup


Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   vault.aaa.bbb.de
Address: 10.177.200.70

Can be closed.
I have solved it with NPM and another configuration.
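
A log check for the symptom described in this thread, added here as an example and not part of the original posts: it scans Caddy's JSON log output for certificate issuance activity on hostnames that are meant to be served from a manually supplied certificate, which suggests the `tls <cert> <key>` line is not in the configuration Caddy actually loaded. The function name, the logger prefixes and the sample log lines are assumptions constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample log lines, modelled on the error shown in the post.
# The order URL path is a placeholder, not a real order ID.
SAMPLE_LOG = """\
{"level":"info","ts":1738758540.1,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.aaa.bbb.de"}
{"level":"error","ts":1738758549.5,"logger":"http.acme_client","msg":"validating authorization","identifier":"vault.aaa.bbb.de","problem":{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up A for vault.aaa.bbb.de"},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/0/0","attempt":1,"max_attempts":3}
not json: container banner line
{"level":"info","ts":1738758550.0,"logger":"http.log.access","msg":"handled request"}
"""

# Logger name prefixes treated as certificate issuance activity (assumption).
ACME_LOGGERS = ("tls.obtain", "http.acme_client")


def acme_activity(log_text, manual_cert_hosts):
    """Return {host: details} for hosts that should use a manually supplied
    certificate but appear in Caddy's issuance / ACME client log entries."""
    findings = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # `docker logs` output can contain non-JSON lines
        if not isinstance(entry, dict):
            continue
        host = entry.get("identifier")
        if host not in manual_cert_hosts:
            continue
        if not str(entry.get("logger", "")).startswith(ACME_LOGGERS):
            continue
        found = findings.setdefault(host, {"events": 0, "ca": None, "problems": set()})
        found["events"] += 1
        if entry.get("order"):
            # The order URL shows which CA endpoint was contacted.
            found["ca"] = urlparse(entry["order"]).hostname
        problem = entry.get("problem") or {}
        if problem.get("type"):
            # urn:ietf:params:acme:error:dns -> "dns"
            found["problems"].add(problem["type"].rsplit(":", 1)[-1])
    return findings


if __name__ == "__main__":
    for host, info in acme_activity(SAMPLE_LOG, {"vault.aaa.bbb.de"}).items():
        print(f"{host}: {info['events']} ACME events, CA={info['ca']}, "
              f"problems={sorted(info['problems'])}")
```

To run it against a live container, pass the text captured from `docker logs reverse-proxy` as `log_text` in place of `SAMPLE_LOG`.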