Cant log into to Server with Android.

[molten360]

After a recent update to the android app last week, im no longer able to log into my server using the android app. I have tried two different servers based off this deployment. Every time I attempt to log in, I receive the error "An error has occurred. There is a problem connecting to the server" Web browser, desktop and chrome extension function normally.

[mprasil]

Which version of app is that? Do you see any logs on the server side?

[molten360]

App Version is 1.18.1 updated on Aug 21 2018. Honestly. I wouldnt know where to look for logs. Point me in a direction and Ill hunt.

[mprasil]

I'm using 1.18.1 myself and it seems to work fine. Are you sure you're using latest version of the image? How did you install the server? If you're using docker, make sure you do docker pull mprasil/bitwarden before starting the image.

[molten360]

I actually redeployed the latest image from mprasil/bitwarden this morning from scratch to make sure it wasnt an outdated container not updating. Again, the web page, windows desktop app and chrome extension works, but my Samsung S7 does not. I even tried another S7 on a different provider to make sure.

[mprasil]

First do:

docker ps -a | grep -P '(CONTAINER|bitwarden)'

That should give you the container ID (the first hash string in the output) Then you can do:

docker logs --follow --tail 10 CONATINER_ID

Obviously replace CONTAINER_ID with an actual id. This will start monitoring the server logs. (ctrl+c to cancel) Now try to log in with your android app and see if you can see any logs on the server.

[mprasil]

Also please do docker inspect CONTAINER_ID -f '{{ .Image }}' to double check the image version. It should start with:

sha256:e81724953698......

[dobunzli]

I don’t know if this can help, but I had problems connecting from the outside to Bitwarden with my mobile as long as I had not issued « a real » let’encrypt certificat for my serveur domain... so maybe check this.

For the raspberry image, thanks ! As I am on the run, I will not ne able to test before this evening.... but will give feed-back

Envoyé d'un mobile

Le 12 sept. 2018 à 17:03, mprasil notifications@github.com a écrit :

Also please do docker inspect CONTAINER_ID -f '{{ .Image }}' to double check the image version. It should start with:

sha256:e81724953698...... — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[molten360]

It's something with my vps. Deployed it locally and it worked on android. It's like the android app wouldn't connect to the vps but the webpage works

On Wed, Sep 12, 2018, 11:39 AM dobunzli, notifications@github.com wrote:

I don’t know if this can help, but I had problems connecting from the outside to Bitwarden with my mobile as long as I had not issued « a real » let’encrypt certificat for my serveur domain... so maybe check this.

For the raspberry image, thanks ! As I am on the run, I will not ne able to test before this evening.... but will give feed-back

Envoyé d'un mobile

Le 12 sept. 2018 à 17:03, mprasil notifications@github.com a écrit :

Also please do docker inspect CONTAINER_ID -f '{{ .Image }}' to double check the image version. It should start with:

sha256:e81724953698...... — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/dani-garcia/bitwarden_rs/issues/176#issuecomment-420695290, or mute the thread https://github.com/notifications/unsubscribe-auth/AIDU4CgLoMm9HUg6TgtfxP1Xyf5i3OA7ks5uaSrJgaJpZM4WlhsK .

[janost]

Experiencing a similar issue running the app a Honor 8 phone. Using the same server instance from a OnePlus 5T works great, so I believe it's not an issue with bitwarden_rs. Haven't had time to debug it yet, but when I do I will report back with my findings.

[mprasil]

Hi, are you using https? The difference between the OS versions might be the answer here, I've seen some older Androids not trusting let's encrypt certificates.

[janost]

Hello, yes, I'm using HTTPS with a Let's Encrypt cert. The Honor 8 is running the latest official firmware based on Android 7.0, the 5T is running 8.1.0. I tried running logcat through USB debugging but I couldn't really see any relevant error messages about the Bitwarden connection issue.

[dani-garcia]

@janost If you access the web vault from the Honor phone, do you get a certificate error?

If so, you may need to add Let's Encrypt certificates to your phone (https://letsencrypt.org/certificates/).

Another option that may work is adding those Let's Encrypt certificates to your PEM file, something like:

-----BEGIN CERTIFICATE-----
<Let's Encrypt cert>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Your cert>
-----END CERTIFICATE-----

[janost]

Sorry for the late update on this. No, I don't get a certificate error on the web vault, the issue doesn't seem like a TLS error and also it's not an issue with bitwarden_rs.

People randomly experience it according to some bug reports like this one. Something in the Android app is broken bot nobody seems to be able to figure out exactly what.

[dani-garcia]

Did you try to bundle your cert with the Let's Encrypt root and intermediate certs like I mentioned? That seems to solve the issue for a user there,

[janost]

Yes, I tried that and it didn't solve my issue.

[rootty]

Hi all, I experienced a similar issue. I'm using letsencrypt for HTTPS. Yes, it works with plugin, browser, even android firefox browser. But for native apps trusted chain is required. So I replaced this line certs="/ssl/live/mydomain/cert.pem",... with this one certs="/ssl/live/mydomain/fullchain.pem",... . Now your certificate is trusted by most OSes and rated with A score here https://www.ssllabs.com/ssltest/

[jceloria]

Brand new deployment in docker today behind an Apache reverse proxy terminating a letsencrypt cert with oauth2 authentication (mod_auth_openidc). Chrome on Android works great, app does not.

I just disabled the oauth2 authentication and it works

[mprasil]

Not sure if app supports oauth2, so that definitely might be an issue.

[jceloria]

Thanks @mprasil, that was in fact the problem.

[DarkMio]

I got the same problem, no oauth. It's a fresh installation, LE-certs, everything is fine, even the OSX app works just fine.

The docket container is behind a nginx reverse proxy, websockets do just fine. However, looking through the access.log any kind of request is missing from the app, which leads me to suspect an issue with the app refusing to connect to begin with.

Edit: on an unrelated note: The websockets didn't work until I used the fullchain certificate on any of my systems - that might be worthwhile to update in the readme, since it suggest LE certs already.

Edit: I figured out my problem:

• bitwarden_rs was using the fullchain.pem
• nginx still had only the chain.pem
• nginx error log showed a 2018/10/26 06:30:43 [error] 8921#8921: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status, responder: ocsp.int-x3.letsencrypt.org
• changing nginx configuration from chain/cert to fullchain solved that and the app magically worked again

Still not exactly sure why the browser(s) had no problem with it at all.

[TheManchineel]

I have managed to solve this issue. It's most likely related to some certificate validation bug in Android itself, as the same app already worked flawlessly on iOS. It is by no means related to bitwarden_rs itself. The solution, as others suggested, was to use the fullchain.pem certificate instead of cert.pem. In my specific setup, there is an extra cause I could attribute this to: a certificate mismatch between my main web service running on port 443 and my bitwarden_rs install on another port.

[andre1808]

* changing nginx configuration from chain/cert to fullchain solved that and the app magically worked again

Can you explain how/where you did that?

-edit- I've got it working - finally! What I did is to remove the CA certificate from the config.yml (I'm using docker) I've combined my CA certificate with the server certificate and only used them. After a /bitwarden.sh rebuild my Android App is finally working again!

[dani-garcia]

Well, now that there is a solution, I'm closing this issue. I docummented it a bit on the readme for future uses.

[ZXant]

Had Android connectivity problems with Android, till found Andre1808 post (cat cert chain >> certificate.crt)

That is combine "cert" and "chain" into a single file:

'# cat cert chain >> certificate.crt