Problems with SSL Certificate

Configuration
1

Hello,
I’m trying to set up Vaultwarden after several days without success.

I access my HA instance via my own domain using Cloudflare.

Access via HTTPS is possible, which is why I assume that SSL is generally available (I assume from Cloudflare).

I am a layman in this area.

If I start Vaultwarden now, it tells me:

[11:39:47] FATAL: 
[11:39:47] FATAL: SSL has been enabled using the 'ssl' option,
[11:39:47] FATAL: this requires an SSL certificate file which is
[11:39:47] FATAL: configured using the 'certfile' option in the
[11:39:47] FATAL: add-on configuration.
[11:39:47] FATAL: 
[11:39:47] FATAL: Unfortunately, the file specified in the
[11:39:47] FATAL: 'certfile' option does not exist.
[11:39:47] FATAL: 
[11:39:47] FATAL: Please ensure the certificate file exists and
[11:39:47] FATAL: is placed in the '/ssl/' directory.
[11:39:47] FATAL: 
[11:39:47] FATAL: In case you don't have SSL yet, consider getting
[11:39:47] FATAL: an SSL certificate or setting the 'ssl' option
[11:39:47] FATAL: to 'false' in case you are not planning on using
[11:39:47] FATAL: SSL with this add-on.
[11:39:47] FATAL: 
[11:39:47] FATAL: Check the add-on manual for more information.
[11:39:47] FATAL: 
s6-rc: warning: unable to start service init-nginx: command exited 1
/run/s6/basedir/scripts/rc.init: warning: s6-rc failed to properly bring all the services up! Check your logs (in /run/uncaught-logs/current if you have in-container logging) for more information.
/run/s6/basedir/scripts/rc.init: fatal: stopping the container.
s6-rc: info: service vaultwarden: stopping
[11:39:47] INFO: Service Vaultwarden exited with code 256 (by signal 15)
s6-rc: info: service vaultwarden successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service base-addon-timezone: stopping
s6-rc: info: service base-addon-log-level: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service base-addon-timezone successfully stopped
s6-rc: info: service base-addon-log-level successfully stopped
s6-rc: info: service base-addon-banner: stopping
s6-rc: info: service base-addon-banner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

Does anyone have an idea how I can fix this problem?

2

I don’t use Vaultwarden, but anyway thought I would try to help …
The AddOn documentation says:

Known issues and limitations

  • This add-on cannot support Ingress at this time due to technical limitations of the Bitwarden Vault web interface.

So I think this means, that you have to use the “direct access” method (See next)

Option: ssl

Enables/Disables SSL (HTTPS). Set it true to enable it, false otherwise.

Note: The SSL settings only apply to direct access and has no effect on the Ingress service.

Option: certfile

The certificate file to use for SSL.

Note: The file MUST be stored in /ssl/, which is the default

Option: keyfile

The private key file to use for SSL.

Note: The file MUST be stored in /ssl/, which is the default

So I think you have the ssl option enabled in Vaultwarden, but the log errors indicate that it is looking for the certificate/key files in the /ssl/ directory and not finding them there.