server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon bitwarden

Admin Portal: Unable to fetch installed version (Web Installed)

Open FriderKlugser opened this issue 2 years ago • 5 comments

Steps To Reproduce

  1. Go to the Bitwarden Admin Portal
  2. Log in
  3. Look for 'Web Installed'

Expected Result

Web Installed: 2023.4.2

Actual Result

Web Installed: Unable to fetch installed version

Screenshots or Videos

No response

Additional Context

I'm using HTTPS with a Let's Encrypt Certificate. It's propably because of missing "localhost" in the Subject Alternative Name (SAN).

Output of the admin.log: 2023-05-28 20:41:43.492 +02:00 [ERR] Error encountered while sending GET request to https://localhost:443/version.json System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation'1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Bit.Admin.Controllers.HomeController.GetInstalledWebVersion(CancellationToken cancellationToken) in /source/src/Admin/Controllers/HomeController.cs:line 73

Githash Version

a86618ce-dirty

Environment Details

Raspberry Pi 4 (8 GB) Raspberry Pi OS (64-bit, bullseye) Docker Engine 24.0.1 Docker Compose 2.18.1

Database Image

sqlite:3

Issue-Link

https://github.com/bitwarden/server/issues/2480

Issue Tracking Info

  • [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

FriderKlugser avatar May 28 '23 19:05 FriderKlugser

Hi @FriderKlugser,

Thank you for your report. I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thank you,

SergeantConfused avatar May 30 '23 06:05 SergeantConfused

I'm also experiencing the same issue with the latest version (beta tag - 2024.1.2).

These are the admin logs below when I browse the /admin/home/getinstalledwebversion site, that gives me HTTP 500 error in Chrome and "Unable to fetch installed version" message.

I'm using a private CA signed certificate.

Let me know what else do you need for further investigation.

=> SpanId:b91a395298ebdcaa, TraceId:eb7fa09cc8ff8aa5fd065ec9d6fc4cbe, ParentId:0000000000000000 => ConnectionId:0HN0UNOM2HH98 => RequestPath:/admin/home/getinstalledwebversion RequestId:0HN0UNOM2HH98:00000002 => Bit.Admin.Controllers.HomeController.GetInstalledWebVersion (Admin) Error encountered while sending GET request to https://localhost:8443/version.json System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch, RemoteCertificateChainErrors at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Bit.Admin.Controllers.HomeController.GetInstalledWebVersion(CancellationToken cancellationToken) in /source/src/Admin/Controllers/HomeController.cs:line 73

mind12 avatar Jan 29 '24 15:01 mind12

I am having the same issue.

mitchellvanbijleveld avatar Apr 28 '24 17:04 mitchellvanbijleveld

same here

kleinerhobbit avatar May 27 '24 10:05 kleinerhobbit

I see the same issue with my deployment.

BitWarden is deployed behind load balancer that uses valid SSL/TLS certificate, while the container is started with BW_ENABLE_SSL=true and uses self-signed certificate internally to ensure encryption between load balancer and its services. It seems that BW does not accept self-signed certificate and/or has a problem with incorrect host - localhost.

I'm able to check version manually, using curl and accepting such certificate:

root@e0f8181c1526:/app# curl https://localhost:8443/version.json
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

root@e0f8181c1526:/app# curl -k https://localhost:8443/version.json
{ "version": "2024.6.0" }

I understand that I could try to:

  • Disable SSL inside BW container and offload handling SSL/TLS for load balancer.
  • Try to overwrite variable like globalSettings__baseServiceUri__internalVault, to instruct BW to go through my load balancer to check version, but I'm not sure what it might have on other functionalities.

I'm currently using bitwarden/self-host:2024.6.1-beta docker image in my setup.

tskibinski avatar Jun 19 '24 15:06 tskibinski