Edit: nuking SWAG and starting fresh with Ngnix PM seems to have solved it for the time being. Not sure what the problem was, but it didn't appear to be related to my vaultwarden setup.
------------------------------------------------------------------
I'm getting my butt kicked by certificates. The problem I'm trying to solve is the "chain validation failed" when using the bitwarden android app. Everything else works fine. The iOS app, macos app, and windows app all work. All browsers on windows/linux/android/iphone all work perfectly.
What's worse is that I have managed to have the android app working for maybe a day or so after changing to a fresh domain, but then it breaks again once I reissue a cert.
I'm running bitwarden through the swag container. Nothing super elaborate. Mostly running stock out of the box, per space invader one tutorials. 've tried a few different domains on google, with no change in results.
What I'm most hung up on is I get different behavior checking on SSL Labs vs Digicert. If it matters, I changed the "only subdomains" key in swag to false, so I could test the main domain.
SSL Labs
mydomain.group = A
bitwarden.mydomain.group = A
nextcloud.myomain.group = A+
Digicert
mydomain.group = all green checks
bitwarden.mydomain.group = "unable to connect"
nextcloud.mydomain.group = all green checks
The few brief times the Android app did work, I think it corresponded with the digicert check passing the bitwarden.mydomain.group test, but I'm not positive. I seem to be at a dead end here though.
Any suggestions for next steps?