r/vaultwarden

Self-signed certificates on iOS (Apple) are limited to 825 days

Some of us want to do self-signed certificates and want to set it and forget it so we set expiration dates that last a really long time. At the same time we're setting up vaultwarden and our own root certificates for the very first time, so when things don't work we don't know where to look. Don't overlook the self-signed certificate you issued for vaultwarden. If you or a tool (on your behalf) issued a certificate that is valid for more than 825 days, iOS automatically considers it invalid/not trusted even if you have everything setup and installed correctly.

Hope this helps some of us that run into certificate issues. It's easy to find the validity period for public certificates but it's harder to dig up how long Apple's validity period is for self-signed certificates.

reddit.com
u/Killer2600 — 3 days ago

Passkey login

Hello experts. I just set up vaultwarden on my Synology and I am noticing there is no way to do passkey based login. Is this a “me” issue or is this a product limitation? I rely on that feature a lot.

Thanks in advance.

reddit.com
u/this_for_loona — 5 days ago

Why do we think all our data is hacked?

Seriously. Everyone in this community thinks the second your data escapes, it's hacked and vulnerable. You realize our data is everywhere, right? I meet one guy, and he thinks "we're hacked!" Give me a break.

reddit.com
u/Exxpire — 5 days ago
▲ 6 r/vaultwarden+1 crossposts

Plug-and-play Vaultwarden box for non-technical people — worth building?

Hardware/security engineer here, with manufacturing access. One idea I keep coming back to — poke holes in it before I waste months on it.

A small low-power device, a bit bigger than a USB stick, running minimal Linux + Vaultwarden and nothing else. Plug in power, do a 5-minute setup from your phone, and you've got self-hosted password sync to all your Bitwarden clients. No Docker, no NAS, no port forwarding — remote access via a Cloudflare tunnel on the user's own account. One job: password sync/backup for a person or family. No file storage, no app store.

I know the objections and half-agree:

  • "Just use a $35 Pi." If you're here, you already have. This is for people who want the result but will never touch a terminal.
  • "Bitwarden free is great." It is. The only reason to buy this is wanting the vault on hardware you own, not someone's cloud.
  • "Cloudflare sees your traffic." The vault is E2E-encrypted client-side, but CF sees metadata. Honest tradeoff.

What I actually want to know:

  1. Is the "wants it self-hosted but won't DIY it" person real and numerous, or basically nonexistent?
  2. What single thing would stop you trusting this with your passwords?
  3. Would you buy one for a non-technical relative? At what price?

No product, no link, nothing to sign up for — just figuring out if this is worth building. Brutal honesty welcome.

reddit.com
u/immurok — 7 days ago

Need help, I am going INSANE *Passkeys*

So I have Vaultwarden and i have always ran it locally through Traefik and had my MFA configured through Yubico environmental variables. this allowed me (when i first set it up) to run my security key for totp's. i have been overhauling my compose files recently and seen that this is no longer needed and i wanted to switch to straight fido2 auth with my security key so i don't have to open and get a otp code every time i want to log in. but something just isn't allowing me to register my key. when i go to register it and i click on read key and select the security key option form the pop up it will immediately skip the tough auth and go right to the pin entry. now i put my pin in and it says incorrect pin. my pin is not incorrect i have confirmed that by logging into my other services and through the Yubico authenticator app. Now i was wondering if perhaps Traefik was the culprit. i omitted the entire middlewares section to rule out my securityheaders and no change. I was able to register the key on my windows device but then when i went to log in on both my windows and mac i just got a spinning circle that never resolved the a security key check. I'm going insane and i need to know if anyone has any ideas or have experienced this. please help!! I don't want to run this through Authentik. I'd much rather use the built in auth.

reddit.com
u/CalendarSubject4887 — 7 days ago

Bitwarden app certificate issue with self-hosted Vaultwarden

Hello, I apologize in advance for the inconsistencies—I’m using a translator.

I’m using Vaultwarden on my Raspberry Pi, and I wanted to set it up on my phone using the Bitwarden app, but I’m getting the following error message: “We couldn’t verify the server’s certificate. The certificate chain or your device’s proxy settings may not be configured correctly.” So, I used `mkcert` to create a trusted certificate with my SSL certificates for HTTPS and installed the `ca.crt` file on my phone, but I’m still getting the same error.

Here’s my setup: a Raspberry Pi 4 with 8 GB of RAM running Vaultwarden.

For HTTPS, I’m using Nginx on a specific port because multiple apps are running on HTTPS at the same IP address, and I can’t set up local DNS for now.

Is there an alternative to Bitwarden on mobile?

If you have a solution or suggestions, thanks in advance.

Edit: I finally got it to work. I had set up my SSL certificate incorrectly. For anyone who might stop by here someday and need this, I’m using Nginx as a reverse proxy. In the SSL configuration, I generated the .crt and .key files as usual, but I had never specified the SAN. Here’s the OpenSSL command: `openssl req -nodes -x509 -sha256 -newkey rsa:2048 -keyout vaultwarden.key -out vaultwarden.crt -days 365 -subj “/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=IP_Machine” -addext “subjectAltName = IP:IP_machine”

Change only the `IP_Machine` part; if that doesn’t work, change the `XX` parts.

Then download the `.crt` file to your phone and install it in your settings in the location where you can install trusted certificates.

reddit.com
u/BreakHeavy2673 — 7 days ago

What happened?

Since yesterday the site is not working and I don't see any news, can we know when the site is gona be operating? Or how much time is going to be down?

reddit.com
u/That-Success3943 — 13 days ago