Admin Portal: Unable to fetch installed version (Web Installed)

FriderKlugser commented 1 year ago

Steps To Reproduce

Go to the Bitwarden Admin Portal
Log in
Look for 'Web Installed'

Expected Result

Web Installed: 2023.4.2

Actual Result

Web Installed: Unable to fetch installed version

Screenshots or Videos

No response

Additional Context

I'm using HTTPS with a Let's Encrypt Certificate. It's propably because of missing "localhost" in the Subject Alternative Name (SAN).

Output of the admin.log: 2023-05-28 20:41:43.492 +02:00 [ERR] Error encountered while sending GET request to https://localhost:443/version.json System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation'1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Bit.Admin.Controllers.HomeController.GetInstalledWebVersion(CancellationToken cancellationToken) in /source/src/Admin/Controllers/HomeController.cs:line 73

Githash Version

a86618ce-dirty

Environment Details

Raspberry Pi 4 (8 GB) Raspberry Pi OS (64-bit, bullseye) Docker Engine 24.0.1 Docker Compose 2.18.1

Database Image

sqlite:3

Issue-Link

https://github.com/bitwarden/server/issues/2480

Issue Tracking Info

[X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

SergeantConfused commented 1 year ago

Hi @FriderKlugser,

Thank you for your report. I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thank you,

mind12 commented 9 months ago

I'm also experiencing the same issue with the latest version (beta tag - 2024.1.2).

These are the admin logs below when I browse the /admin/home/getinstalledwebversion site, that gives me HTTP 500 error in Chrome and "Unable to fetch installed version" message.

I'm using a private CA signed certificate.

Let me know what else do you need for further investigation.

=> SpanId:b91a395298ebdcaa, TraceId:eb7fa09cc8ff8aa5fd065ec9d6fc4cbe, ParentId:0000000000000000 => ConnectionId:0HN0UNOM2HH98 => RequestPath:/admin/home/getinstalledwebversion RequestId:0HN0UNOM2HH98:00000002 => Bit.Admin.Controllers.HomeController.GetInstalledWebVersion (Admin) Error encountered while sending GET request to https://localhost:8443/version.json System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Bit.Admin.Controllers.HomeController.GetInstalledWebVersion(CancellationToken cancellationToken) in /source/src/Admin/Controllers/HomeController.cs:line 73

mitchellvanbijleveld commented 6 months ago

I am having the same issue.

kleinerhobbit commented 5 months ago

same here

tskibinski commented 4 months ago

I see the same issue with my deployment.

BitWarden is deployed behind load balancer that uses valid SSL/TLS certificate, while the container is started with BW_ENABLE_SSL=true and uses self-signed certificate internally to ensure encryption between load balancer and its services. It seems that BW does not accept self-signed certificate and/or has a problem with incorrect host - localhost.

I'm able to check version manually, using curl and accepting such certificate:

root@e0f8181c1526:/app# curl https://localhost:8443/version.json
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

root@e0f8181c1526:/app# curl -k https://localhost:8443/version.json
{ "version": "2024.6.0" }

I understand that I could try to:

Disable SSL inside BW container and offload handling SSL/TLS for load balancer.
Try to overwrite variable like globalSettings__baseServiceUri__internalVault, to instruct BW to go through my load balancer to check version, but I'm not sure what it might have on other functionalities.

I'm currently using bitwarden/self-host:2024.6.1-beta docker image in my setup.

bitwarden / server