Site can't provide a secure connection

I'm not understanding why this is being pulled. Unless this is historical. This is a previous domain I attempted to use for Bitwarden. When I ran into so many issues I started over.

I didn't think there would still be old information associated with this. Could this interfere with what I'm trying to do now?

Because it is still being served.

1 Like

Sorry. I didn't realize 443 was a factor here.

Since Bitwarden is using 8443, you say I could use another port such as 4443 or something?

If I'm setting that port in nginx and Standard Notes needs 3000 is that where

proxy_pass http://127.0.0.1:3000

comes in?

If so, that should be the last part that's keeping this from working.

These are the only ports that nmap has anything to say about
443 close
8443 open

$ nmap -Pn workshop.glenspcservice.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2023-01-29 15:07 PST
Nmap scan report for workshop.glenspcservice.com (97.88.217.20)
Host is up (0.087s latency).
rDNS record for 97.88.217.20: 097-088-217-020.res.spectrum.com
Not shown: 995 filtered ports
PORT     STATE  SERVICE
443/tcp  closed https
3000/tcp open   ppp
5001/tcp open   commplex-link
5060/tcp open   sip
8443/tcp open   https-alt

Nmap done: 1 IP address (1 host up) scanned in 11.01 seconds
1 Like

When you say served, what does that mean?

I do not have anything on my network using that now other than this new project. The domain itself is an active dynamic DNS with my hosting provider. But that shouldn't be associated with Bitwarden. That should only be associated with a different domain.

Whatever you have on workshop.glenspcservice.com:8443 supplied that certificate.

$ curl -k -Ii https://workshop.glenspcservice.com:8443/
HTTP/2 200
server: nginx
date: Mon, 30 Jan 2023 00:27:05 GMT
content-type: text/html
content-length: 1238
vary: Accept-Encoding
accept-ranges: bytes
etag: "1d9220166412b56"
last-modified: Fri, 06 Jan 2023 19:02:19 GMT
strict-transport-security: max-age=15768000
referrer-policy: same-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; connect-src 'self' wss://bitwarden.glenspcservice.com https://api.pwnedpasswords.com https://2fa.directory; object-src 'self' blob:;
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow
$ openssl s_client -showcerts -servername workshop.glenspcservice.com -connect workshop.glenspcservice.com:8443 < /dev/null
CONNECTED(00000003)
depth=0 CN = bitwarden.glenspcservice.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = bitwarden.glenspcservice.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = bitwarden.glenspcservice.com
verify return:1
---
Certificate chain
 0 s:CN = bitwarden.glenspcservice.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 18 14:44:58 2022 GMT; NotAfter: Mar 18 14:44:57 2023 GMT
---
Server certificate
subject=CN = bitwarden.glenspcservice.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1829 bytes and written 422 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: A03BBDB6C7E9CDBD92F120E6DBD38F82FA8E8C5B3C6D6C42A06887F01A3F68DA
    Session-ID-ctx:
    Master-Key: CD25AF788CEE2CE7E940275543057FC880A93CBBA6D0DF32ACEA96AF4038CE6A46050B1CDBB6014FFE27EFC26537DFB9
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1675038429
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes
---
DONE
$ nmap -Pn workshop.glenspcservice.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-30 00:27 UTC
Nmap scan report for workshop.glenspcservice.com (97.88.217.20)
Host is up (0.086s latency).
rDNS record for 97.88.217.20: 097-088-217-020.res.spectrum.com
Not shown: 995 filtered ports
PORT     STATE  SERVICE
443/tcp  closed https
3000/tcp open   ppp
5001/tcp open   commplex-link
5060/tcp open   sip
8443/tcp open   https-alt

Nmap done: 1 IP address (1 host up) scanned in 11.56 seconds
1 Like
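The two problems visible in the `openssl s_client` output above (a certificate issued for a different name than the one requested, and a chain that stops at the leaf), as an added example that is not part of the original post. The function names are hypothetical, `SAMPLE` is an excerpt of the posted output, and the subject CN stands in for the SAN list, which this summary output does not print.

```python
import re

# Excerpt of the `openssl s_client` output posted above (PEM body omitted).
SAMPLE = """\
depth=0 CN = bitwarden.glenspcservice.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = bitwarden.glenspcservice.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:CN = bitwarden.glenspcservice.com
   i:C = US, O = Let's Encrypt, CN = R3
---
Server certificate
subject=CN = bitwarden.glenspcservice.com
issuer=C = US, O = Let's Encrypt, CN = R3
"""

def name_matches(pattern, host):
    """Compare one certificate name with a hostname; '*' may only be the whole leftmost label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(s_client_output, requested_host):
    """Return a list of findings for one captured s_client session."""
    findings = []
    subject = re.search(r"^subject=.*?CN\s*=\s*([^,\n]+)", s_client_output, re.M)
    cn = subject.group(1).strip() if subject else None
    if cn is None:
        findings.append("no-server-certificate")
    elif not name_matches(cn, requested_host):
        findings.append(f"name-mismatch: certificate is for {cn}, not {requested_host}")
    # Entries in the "Certificate chain" section look like " 0 s:...", " 1 s:...".
    chain_len = len(re.findall(r"^\s*\d+ s:", s_client_output, re.M))
    errors = set(re.findall(r"^verify error:num=(\d+):", s_client_output, re.M))
    if chain_len == 1 and errors & {"20", "21"}:
        findings.append("incomplete-chain: only the leaf was sent, issuer not found locally")
    return findings

if __name__ == "__main__":
    for host in ("workshop.glenspcservice.com", "bitwarden.glenspcservice.com"):
        print(host, diagnose(SAMPLE, host))
```
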

This is what I see on Windows with Firefox 109.0 (64-bit)



1 Like

I'm investigating this issue as it is likely interfering with the other server I'm attempting to run.

I have no idea how, but it appears that Bitwarden is in fact running at workshop.glenspcservice.com and at bitwarden.glenspcservice.com.

One has a working certificate and loads a secure page and the other one doesn't.

I'm at a loss right now as to how this happened. Nothing in my Bitwarden configuration references workshop.glenspcservice in any way. That entry does appear in the nginx log files but it doesn't appear in any configuration files.

I do see this when I run docker ps:

0e82276b73c5 bitwarden/nginx:2023.1.0 "/entrypoint.sh" 8 days ago Up 6 days (healthy) 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 80/tcp, 0.0.0.0:8443->8443/tcp, :::8443->8443/tcp bitwarden-nginx
720054d745de bitwarden/admin:2023.1.0

I'm looking into how to fix this.

1 Like

Correct.

Correct.

4 Likes
