Browser is loading wrong certificate

I just exec'd into the nginx container and looked at the volume mapped path where the certificate files are.
They match myhomelab.glenspcservice.com exactly.

Are you running a single Docker host which in turn is running all of your Bitwarden servers as Docker containers? If so, that was a really important piece of information.

When using Docker, the network flow is:
[Your Router] -> Port forwarding to -> [Docker Host]

Then within the Docker host there are one or more virtual networks for the containers, so one of your Bitwarden instances might think it runs on port 8443, but it's actually exposed via Docker on port 443 (for example).

You can't then run two Docker container instances on the same host port. Instead, what people usually do is (for example) run an nginx reverse proxy in a Docker instance and send everything to that, then let it map websites to the correct container backends (which can be running on any ports they like), e.g.

  • https://myhomelab.glenspcservice.com:443 and http://myhomelab.glenspcservice.com:80 could proxy to http://bitwarden-01 or `http://
  • and https://bitwarden.glenspcservice.com:443 and http://bitwarden.glenspcservice.com:80 to http://bitwarden-02

An advantage of this setup is that each container doesn't need to manage its certs or have HTTPS config, because the reverse proxy is doing all that. Alternatively, if you use something like Caddy as your reverse proxy, it will set up the certs automatically without involving certbot etc.

None of this is particularly simple or easy, though, and you need a very clear mental model of how ports map from outside your network via Docker into your container setup.

7 Likes
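As an added illustration of the reverse-proxy layout described in the post above (this is example configuration, not anything posted in the thread), one nginx instance terminates TLS for both hostnames and forwards to the two Bitwarden containers by name. The `/etc/letsencrypt/live/...` paths and the backends' internal port 8080 are assumptions; the hostnames and `bitwarden-01`/`bitwarden-02` names come from the post.

```nginx
# Catch-all for SNI names that match none of the server_name entries below.
# Without an explicit default, nginx answers unknown names with the FIRST
# server block's certificate, which the browser reports as the wrong cert.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # nginx >= 1.19.4: abort the handshake instead
}

# Plain HTTP only redirects to HTTPS; no certificates or app traffic here.
server {
    listen 80;
    server_name myhomelab.glenspcservice.com bitwarden.glenspcservice.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name myhomelab.glenspcservice.com;
    # Assumed certbot paths; one certificate per hostname, selected by SNI.
    ssl_certificate     /etc/letsencrypt/live/myhomelab.glenspcservice.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myhomelab.glenspcservice.com/privkey.pem;
    location / {
        proxy_pass http://bitwarden-01:8080;   # container's internal port (assumed)
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;                # WebSocket upgrade for live sync
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

server {
    listen 443 ssl;
    server_name bitwarden.glenspcservice.com;
    ssl_certificate     /etc/letsencrypt/live/bitwarden.glenspcservice.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bitwarden.glenspcservice.com/privkey.pem;
    location / {
        proxy_pass http://bitwarden-02:8080;   # second backend, same headers as above
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
# After replacing certificate files, run `nginx -s reload`; the running
# process keeps the old certificate in memory until it is reloaded.
```

To confirm which certificate is actually being served, compare `openssl x509 -in fullchain.pem -noout -fingerprint -sha256` with the output of `openssl s_client -connect <host>:443 -servername <host> </dev/null | openssl x509 -noout -fingerprint -sha256`; the two fingerprints must match.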

No. I have 1 instance on 1 physical server completely working.
This is an attempt to get a 2nd instance working on another physical server.

I saw their information regarding configuring multiple instances of the containers into a Docker Swarm, but that's not what I'm trying to achieve.

I saved your post because it's got great information I may end up using at some point.

2 Likes

So here is a very interesting update.

I was getting pretty frustrated at this, so I decided to try and use a host not associated with my web hosting company. I used a paid plan with DDNS, went through the entire setup, and used a DNS challenge.

I then manually copied and appropriately changed the filenames from where certbot placed the files: /etc/letsencrypt/live/erinlab.ddns.net/fullchain.pem.

Other than that, every setting/port number/etc. is identical. But now everything is working. Not only is it working, it's on port 4443 like I wanted.

There is one remaining error but it's not certificate related.

https://erinlab.ddns.net:4443/#/login

I still have no idea why there was a certificate issue when I was using any domain name related to my host provider.

1 Like

Hi @glen4cindy,

How can a "Browser is loading wrong certificate"?

It seems like a browser uses the certs supplied to it by servers.
Am I missing something here?

Thanks!
:slight_smile: :slight_smile:

3 Likes

So I'm using the incorrect terminology?

I apologize for that.

I saved the appropriately named certificate files in the appropriate file locations on the server.

When I browse to the URL, there is a nice big privacy warning. Clicking on the triangle reveals that the certificate the browser sees is different from what was saved in the file locations I mentioned above.

However, the update I made earlier when I decided to use a domain that did not have "glenspcservice" in the domain loads the page without the privacy error and a nice padlock shows and clicking on that padlock shows the proper certificate.

So what am I missing? I'm sorry if I'm using the wrong terminology. I'm explaining this the best way I know how.

Likely, copying those files to that location is not enough.
The service that uses the files might need to be restarted/reloaded so that it can use the latest files.

If that fails, then you may need to seek help directly from that service/vendor.

2 Likes

Thanks for this advice. Unfortunately, restarting services and even the VM itself has proven to not change anything.

I tried this as well.

This comment I made in my first post. I started with my hosting provider since the domain was created at my cPanel. They deny any issue on their end.

It sure seems odd that one I created outside of my cPanel with a different vendor is working without any certificate errors.

1 Like

Sounds like it is time to vote with your money and choose a new hosting provider company. :slight_smile:

1 Like

"So what am I missing?"

To me it seems like too much complication as the starting point.
Start simple. Build and test each step, and then add the next.

2 Likes

Unfortunately, you can't "build and test each step" in this particular situation.

You run the installer, update the conf files and then issue the start command.

But as Bruce5051 pointed out, it might be time to choose a new hosting provider.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.