Self-hosted instance with HTTPS


I have been using bitwarden_rs on aarch64 for years and I am now migrating to vaultwarden.
I have my own VPN and I do not expose any application, so I am using the VPN to connect to my self-hosted instance.
I would like to use HTTPS instead of HTTP for more security.
I have had a quick look at the documentation but I do not see this case.
I do not have any domain to configure in caddy, and if I use a fake one caddy fails to get the certificate.
Do you have any recommendation in this case?

Just changed the following lines in docker-compose.yml:

  - CADDY_TLS_CERT=/config/caddy/cert.pem
  - CADDY_TLS_KEY=/config/caddy/key.pem

and the following in Caddyfile:


From my laptop it is ok through the browser.
I have generated a .crt file and put it on my Android 11 phone but I am getting the following error:

Thank you for your hint @jjlin!
I could make it work.
However what about the following statement:

If you don’t already have an account, create one at Create a subdomain for your vaultwarden instance (e.g.,, setting its IP to your vaultwarden host’s private IP (e.g.,

It is clear that caddy needs the domain in the HTTPS call in order to work.
But if I use dig to query the duckdns domain I am getting an empty IP address.
On Linux and Windows I can quickly solve this issue by putting a static DNS mapping in /etc/hosts, but what about Android devices?
What solution do you recommend?

The subdomain should resolve to your private IP. If it doesn’t, flush your DNS resolver cache, or see the troubleshooting section

This is solved. I have just used my router.