Vaultwarden local on HassOs

Hello everyone,
i m litterally stuck and hopeless, because i m failing to properly configure vaultw. environment to reach my objective.

GOAL: Run a VW local instance (not reachable from Internet) on HomeAssistant (Rasp. Pi4) and connect to the istance through PC app and Android app in order to Sync the clients’database to the central Vaultwarden Server.

Problem: After about 40hourse of troubleshooting i m still having problems managing the HTTPS Certificates: On windows pc’app the error is “Unable to Fetch”, or it goes on timeout. On Android i receive error about the ceriticate
I read and tried the Nginx Proxy, also Nginx Proxy manager and last but not least about Caddy2 to obtain the DNS Challenge configuration.

My environment (coming from the lateste attempt to make all this work):

  • Core 2024.1.0
  • Supervisor 2023.12.0
  • Operating System 11.2
  • Frontend 20240103.3
    Vaultwarden Add-on:
    “Vaultwarden (Bitwarden) Current version: 0.20.1”
    Integration with domain linked to my Public IP: $mydomain$

All components are on the same machine (

VW Config:

ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
log_level: debug

Caddy2 config file:

  email $myemail$

$mydomain$ {
    tls {
        dns duckdns env.$mytoken$
    reverse_proxy https://localhost:7277
env_vars: {
 log_level: debug

Following this guide (How to use DNS provider modules in Caddy 2 - Wiki - Caddy Community) I also downloaded the caddy custom binary (platform:linux arm64) thanks to git clone in the folder
/share/caddy and i found a duckdns folder (/share/caddy/duckdns). I didnt understand if should i do something with these files.

Please i hope in the community and all the good people here to help me, is really really annoying.
I am avaiable to change configurations and use NGINX Proxy or NGINX Proxy Manager or ADGuardHome (if should have sense) in order to fix this behaviour.

The duckdns addon is for reaching HA (port 8123). The VW addon specifically tells that ingress (going through HA) is not possible, so you have to create a reverse proxy configuration specifically for VW, forwarded to to http://homeassistant.local:7277.

Enabling ssl for the VW is not really necessary and adds complexity.

If so, you don’t need duckdns, and you can directly use http://homeassistant.local:7277 as the server url.

But then, the android app will only work when at home (or using a VPN; I use tailscale myself)

Hi Koying,
i solved this issue configuring caddy2 as a reverse proxy and using the DNS Challenge to validate the certificate.

Thanks for the support btw :smiley: !!