I have hosted Vaultwarden on my Pi 4 and followed this guide on GitHub to generate self-signed certificates. I installed the CA certificates on my Windows PC and laptop, and they work just fine. But on my Android devices, they work neither in the browsers nor in the Bitwarden app.
I simply can’t obtain [at least I think so] certificates from a trusted CA like Let’s Encrypt as I’m behind a CGNAT and cannot forward any ports.
PS: I had hosted Bitwarden_rs on the same Pi with self-signed certs, which worked fine on my phone. After I reset my Pi and phone, I’m trying to set up Vaultwarden and stumbled on this issue.
Depending on whether you have a valid domain, CGNAT shouldn’t be an issue. If ports cannot be forwarded, Caddy can use Cloudflare DNS for domain validation to generate a proper certificate that will be auto-renewing.
If not possible, you should be able to load the self-signed cert into Android manually, though I’m not sure how well the Bitwarden app handles this still as generally it will require a cert for secure HTTPS connection, though I’m not sure how this does or does not work with a self-signed cert.
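
The DNS-based validation mentioned in the reply above, sketched as a Caddyfile. This is an added example, not part of the original posts. It assumes a Caddy binary built with the `caddy-dns/cloudflare` plugin, a placeholder hostname `vault.example.com` in a Cloudflare-managed zone, a scoped API token in the `CLOUDFLARE_API_TOKEN` environment variable, and Vaultwarden listening on `127.0.0.1:8080`.

```caddyfile
# Assumption: Caddy was built with the Cloudflare DNS plugin, e.g.
#   xcaddy build --with github.com/caddy-dns/cloudflare
# Assumption: vault.example.com is a placeholder; its DNS record points at
# the Pi's LAN address (DNS only, not proxied), since CGNAT blocks inbound traffic.

vault.example.com {
	tls {
		# DNS-01 challenge: Caddy proves control of the domain by creating a
		# TXT record through the Cloudflare API, so the CA never needs to
		# reach this host and no port has to be forwarded.
		# Assumption: the token is limited to DNS edit rights on this one zone.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# Assumption: Vaultwarden listens on loopback only, so all client
	# traffic arrives through this TLS-terminating proxy.
	reverse_proxy 127.0.0.1:8080 {
		# Pass the real client address so Vaultwarden's logs stay useful.
		header_up X-Real-IP {remote_host}
	}
}
```

Because the resulting certificate chains to a publicly trusted CA, no CA certificate has to be installed on the Android devices.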