SSL with Nginx Reverse Proxy

Hi all,

So I’ve been trying to set up my Vaultwarden using nginx reverse proxy manager. However, I’ve been coming into some issues with trying to obtain my SSL. I know there’s not an issue with the proxy manager myself as I was able to obtain a certificate for another site I host shortly after my attempts with Vaultwarden.

If I access the site via it’s it’s perfectly fine. However, LE is unable to obtain the certificate, as the DNS challenge is failing. I’d have thought since I can access the site via its DNS name then this wouldn’t be an issue?

I changed back to Bitwarden and was able to obtain a certificate no problem, so I believe that there may be an issue with the image or more than likely my setup.

Here’s the output from the LE log

{
  "identifier": {
    "type": "dns",
    "value": "vault.adamsitsolutions.co.uk"
  },
  "status": "invalid",
  "expires": "2022-04-25T10:46:02Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://vault.adamsitsolutions.co.uk/.well-known/acme-challenge/WJlxEw0E2E_rArQUnxU_0EnyZkRBPj4gkfLQDCJGwcI [88.150.137.104]: 404",
        "status": 403

Any help would be appreciated!

Thanks,

Darren

If you are able to generate a valid certificate, can a wildcard certificate for your domain be created in Nginx? This wildcard cert can be used across multiple subdomains for your website, aka *.domain.com would work for vaultwarden.domain.com, sub1.domain.com, sub2.domain.com, etc.

Unsure what you mean by “changed back to Bitwarden”. Were you using the official Bitwarden bitwarden.sh installer script initially to run the Official Bitwarden docker?

Please see Challenge Types - Let's Encrypt
Overall, the HTTP challenge type requires port 80 to listen; some instances may be better with a DNS challenge instead.

Perhaps providing your Nginx setup for Vaultwarden may be of assistance too. I am not personally familiar with Nginx configs, but you can find some examples in the wiki and possibly use those to try and compare against your config.
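
For reading a log like the one in the first post, here is an added example (not code from either poster or from the Vaultwarden or Nginx Proxy Manager projects) that pulls out which validation method failed, which address answered, and the HTTP status the validator received. The sample input is constructed in the same shape as the posted log; the domain, token and IP address are placeholders, and the function name `summarize_failures` is hypothetical.

```python
import json
import re

# Constructed sample in the shape of the log above; the domain, token and
# address are placeholders, not values from the thread.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "vault.example.test"},
    "status": "invalid",
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "Invalid response from http://vault.example.test/"
                      ".well-known/acme-challenge/CONSTRUCTED_TOKEN "
                      "[203.0.113.10]: 404",
            "status": 403,
        },
    }],
})

# Matches the detail layout seen in the log: "<url> [<ip>]: <code>".
DETAIL_RE = re.compile(r"(https?://\S+)\s+\[([^\]]+)\]:\s*(\d{3})")


def summarize_failures(authz_json):
    """Return one dict per invalid challenge in an ACME authorization."""
    authz = json.loads(authz_json)
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        m = DETAIL_RE.search(err.get("detail", ""))
        findings.append({
            "name": authz["identifier"]["value"],
            # identifier.type "dns" only says the name is a DNS name;
            # the validation method is the challenge's own type.
            "method": ch.get("type"),
            "acme_error": err.get("type", "").rsplit(":", 1)[-1],
            "url": m.group(1) if m else None,
            "answered_by": m.group(2) if m else None,
            "http_status": int(m.group(3)) if m else None,
        })
    return findings


if __name__ == "__main__":
    for f in summarize_failures(SAMPLE_AUTHZ):
        print(f)
```

The `answered_by` address is the host the validator actually reached on port 80, so comparing it with the proxy's public address shows whether the challenge request arrived at the proxy at all.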