Vaultwarden Cerificate Location

Trying to setup Vaultwarden in HAOS, I have it running fine elswhere but I would like to have it running in HAOS instead.

I have my certificate files, but I have absolutely no idea where they are supposed to go?

In the documentation for the addon it says they must be put in /ssl/

Does anyone know where this is this?

I have created an ssl folder in homeassistant/ but that doesnt work, normally there would be some config files or folders created when you install an addon, but I have looked through everything and I see nothing at all for this addon, the addon will run if I disable SSL, but thats pointless as you cant log in, if I enable SSL then it shuts down as it cant find my certificate files.

Below is the log:

[08:01:50] FATAL:
[08:01:50] FATAL: SSL has been enabled using the ‘ssl’ option,
[08:01:50] FATAL: this requires an SSL certificate file which is
[08:01:50] FATAL: configured using the ‘certfile’ option in the
[08:01:50] FATAL: add-on configuration.
[08:01:50] FATAL:
[08:01:50] FATAL: Unfortunately, the file specified in the
[08:01:50] FATAL: ‘certfile’ option does not exist.
[08:01:50] FATAL:
[08:01:50] FATAL: Please ensure the certificate file exists and
[08:01:50] FATAL: is placed in the ‘/ssl/’ directory.
[08:01:50] FATAL:
[08:01:50] FATAL: In case you don’t have SSL yet, consider getting
[08:01:50] FATAL: an SSL certificate or setting the ‘ssl’ option
[08:01:50] FATAL: to ‘false’ in case you are not planning on using
[08:01:50] FATAL: SSL with this add-on.
[08:01:50] FATAL:
[08:01:50] FATAL: Check the add-on manual for more information.
[08:01:50] FATAL:

In order to use Bitwarden I set up Duckdns extension that handles automatically let’s encrypt certificate.

I have done this already, I have it working perfectly on an RPI, but Im trying to move it over to HAOS.

On my pi I can connect through ssl using the duck DNS name, and I can connect via the IP address, both using SSL, currently running NPM.

On HAOS I cant even get it to start with SSL enabled, and as shown above, its asking for the certificates to be placed in the /ssl/ folder, I’m not seing this folder?

I don’t quite understand. On RPi isn’t HAOS running on it? You are saying that you want to move to HAOS but on which gear. I’m a bit confused, may be I don’t understand the situation.

No the RPI is a seperate machine running just Vaultwarden, my HAOS is running a different machine.

All I really want to know is where is this mystical folder /ssl/ that the addon is refering to?

The documention for the addon says the following:

Option: ssl

Enables/Disables SSL (HTTPS). Set it true to enable it, false otherwise.

Note: The SSL settings only apply to direct access and has no effect on the Ingress service.

Option: certfile

The certificate file to use for SSL.

Note: The file MUST be stored in /ssl/, which is the default

Option: keyfile

The private key file to use for SSL.

Note: The file MUST be stored in /ssl/, which is the default

Now I better understand the setup. But out of curiosity why don’t you run Bitwarden on HAOS aside Home Assistant. It is so easy to set-up.
Is this could help you? Linux Standard Deployment | Bitwarden Help Center

Its okay, I can run it on a Pi I can run it in Proxmox, I can it in Truenas, I was just trying to consolidate these lighter services to one machine.

I dont like RPI’s and I’m slowly removing them from my network, I have a large rackmount homelab and I have several Dell Optiplex micro machines, one of these runs HAOS, and its more than enough to eliminate these additional Raspberry Pi’s I have.

I also like the backup feature of HAOS, its easier to use than the others I have mentioned, so any light weight services I have that have supported addons in HAOS, I would like to consolidate, I already did this with Frigate, and it works fantastic.

if I cant figure out where I’m supposed to put these cert files for the addon to start up in SSL mode, then I will migrate Vaultwarden to Truenas Scale on my homelab instead, as that starts up in SSL mode without an issue, and I can set it up in NGINX Proxy Manager

If the addon wont start up in ssl mode, how can I setup certificate encryption?

This is the situation:

Now if I disable ssl, the addon starts up perfectly, I can access the web gui, but you can’t log in, as it does not allow login from http, okay no problem I setup NPM and now I can access through https, and thats great…but if NPM fails, I can not access Vaultwarden anymore, if I access the gui through http, then it wont let me login as it dosnt allow vault access without an encypted connection.

Hopefully this makes sense, on other setups using Vaultwarden, like on my Pi or in Truenas, Vaultwarden will startup in ssl mode, the certificate is obviously useless and you get the dreaded annoying message in the web browser when accessing it, but thats fine, you can click past it and still log in and use the vault.

So my current setup on my RPI I can access Vaultwarden in the following ways:

On HAOS addon I have to disable ssl for it to start and this is how I can access:

So to resolve this, I need to start the HAOS addon with encryption enabled, here is the issue, I cant, it wont start, its asking for certificates, I have these, it wants me to place them in a folder called ssl, I need to know where that folder is, so I can put them in it.