From dd005910824929778f4d54b342f1c5ac8ac834bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Fri, 9 Nov 2018 16:24:45 +0100 Subject: [PATCH] Add info about how to fix #176 --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2ecfc3be..ba4fed2b 100644 --- a/README.md +++ b/README.md @@ -195,17 +195,19 @@ docker run -d --name bitwarden \ ``` Note that you need to mount ssl files and you need to forward appropriate port. +Due to what is likely a certificate validation bug in Android, you need to make sure that your certificate includes the full chain of trust. In the case of certbot, this means using `fullchain.pem` instead of `cert.pem`. + Softwares used for getting certs are often using symlinks. If that is the case, both locations need to be accessible to the docker container. -Example: [certbot](https://certbot.eff.org/) will create a folder that contains the needed `cert.pem` and `privacy.pem` files in `/etc/letsencrypt/live/mydomain/` +Example: [certbot](https://certbot.eff.org/) will create a folder that contains the needed `fullchain.pem` and `privkey.pem` files in `/etc/letsencrypt/live/mydomain/` -These files are symlinked to `../../archive/mydomain/mykey.pem` +These files are symlinked to `../../archive/mydomain/privkey.pem` So to use from bitwarden container: ```sh docker run -d --name bitwarden \ - -e ROCKET_TLS='{certs="/ssl/live/mydomain/cert.pem",key="/ssl/live/mydomain/privkey.pem"}' \ + -e ROCKET_TLS='{certs="/ssl/live/mydomain/fullchain.pem",key="/ssl/live/mydomain/privkey.pem"}' \ -v /etc/letsencrypt/:/ssl/ \ -v /bw-data/:/data/ \ -p 443:80 \