404 not found setup/install folder

Good morning, I have installed Passolt CE following the official guide “From source code” and when I have tried to follow the given link to complete administrator sign up, apache gave me a 404 error.
I have been searching for my problem through this forum and Google and I have found some similar cases a few years ago but the solutions don’t work with me (because some of them where on Nginx).

I have the last version of Passbolt CE installed following the “From source code” guide from official page in Debian 10, with Apache v2.4.38, MariaDB v.10.3.27 and PHP v7.3.

Here is the healthcheck command response:
diegosr@termin-debvps:~/domains/pbt.diegosr.es/public_html$ /bin/bash -c “./bin/cake passbolt healthcheck” diegosr

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
---------------------------------------------------------------
 Healthcheck shell
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.3.27-1~deb10u1.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://pbt.diegosr.es
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
  [HELP] Check that the domain name is correct in config/passbolt.php
  [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 25 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/diegosr/.gnupg.
 [PASS] The directory /home/diegosr/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server gpg key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.0.1).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  3 error(s) found. Hang in there!

Originally there were 4 errors (the Application Configuration > App.fullBaseUrl is set to HTTPS was fail) but as I saw searching for my problem, someone had reported an error on “src/Utility/Healthchecks.php” file at line 83 (more or less) regarding to the change of “$checks[‘application’][‘sslFullBaseUrl’] = ($https === false);” to “$checks[‘application’][‘sslFullBaseUrl’] = ($https !== false);”

This is my apache site.conf file (that was generated by Virtualmin and where I have added some headers that I have found recommended):

<VirtualHost 161.97.163.96:80>
    SuexecUserGroup "#1000" "#1000"
    ServerName pbt.diegosr.es
    DocumentRoot /home/diegosr/domains/pbt.diegosr.es/public_html
    ErrorLog /var/log/virtualmin/pbt.diegosr.es_error_log
    CustomLog /var/log/virtualmin/pbt.diegosr.es_access_log combined
    ScriptAlias /cgi-bin/ /home/diegosr/domains/pbt.diegosr.es/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/diegosr/domains/pbt.diegosr.es/public_html>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php .php
    AddHandler fcgid-script .php
    AddHandler fcgid-script .php7.3
    FCGIWrapper /home/diegosr/domains/pbt.diegosr.es/fcgi-bin/php7.3.fcgi .php
    FCGIWrapper /home/diegosr/domains/pbt.diegosr.es/fcgi-bin/php7.3.fcgi .php7.3
    </Directory>
    <Directory /home/diegosr/domains/pbt.diegosr.es/cgi-bin>
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    </Directory>
    RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
    RemoveHandler .php
    RemoveHandler .php7.3
    FcgidMaxRequestLen 1073741824
</VirtualHost>
<VirtualHost 161.97.163.96:443>
    SuexecUserGroup "#1000" "#1000"
    ServerName pbt.diegosr.es
    DocumentRoot /home/diegosr/domains/pbt.diegosr.es/public_html
    ErrorLog /var/log/virtualmin/pbt.diegosr.es_error_log
    CustomLog /var/log/virtualmin/pbt.diegosr.es_access_log combined
    ScriptAlias /cgi-bin/ /home/diegosr/domains/pbt.diegosr.es/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/diegosr/domains/pbt.diegosr.es/public_html>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    allow from all
    Options FollowSymLinks MultiViews
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    AddType application/x-httpd-php .php
    AddHandler fcgid-script .php
    AddHandler fcgid-script .php7.3
    FCGIWrapper /home/diegosr/domains/pbt.diegosr.es/fcgi-bin/php7.3.fcgi .php
    FCGIWrapper /home/diegosr/domains/pbt.diegosr.es/fcgi-bin/php7.3.fcgi .php7.3
    </Directory>
    <Directory /home/diegosr/domains/pbt.diegosr.es/cgi-bin>
    allow from all
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    Require all granted
    SSLOptions +StdEnvVars
    </Directory>
    RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"
    RemoveHandler .php
    RemoveHandler .php7.3
    FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/diegosr/ssl/cert.pem
SSLCertificateKeyFile /home/diegosr/ssl/privkey.pem
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/diegosr/domains/pbt.diegosr.es/ssl.ca
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
</VirtualHost>

Thank you for attending me and I hope we can get a solution for my problem.

Hi @Termindiego25 are you getting an apache 404 error or a 404 generated by passbolt? If that’s the former, you need to double check your apache configuration, here is an example of apache configuration that works:

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                ServerName www.passbolt.test
                DocumentRoot /var/www/passbolt/webroot

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key


                <FilesMatch "\.(php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>

        <Directory /var/www/passbolt/webroot>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        </VirtualHost>
</IfModule>

Make sure that you have mod_rewrite enabled also.

Thank you for answering. This is what is happening when I follow the given link:

image1003×367 13.7 KB

I have checked that mod_rewrite is installed and enabled and it is

@Termindiego25 this looks like an apache error. Your issue is most likely that the apache configuration is wrong or not active.

According to the Apache config I have shown, do you have some ideas about why is failing?
I have other websites managed by Virtualmin and I had no problems

I’m still having the same problem and I don’t know how to solve it. I have posted my Apache config for the domain used to access my Passbolt (generated by Virtualmin) and I don’t know if there is something wrong with that config.
If you need some information else please ask for them. I have tried to install it on another PC and have the same problem. I’m a bit new with this, so I would like to be able to install manually Passbolt and have it running properly

I have removed the Passbolt folder and DB, and tried to install the newer version following the same steps as before, from the official guide “From source code”. Unfortunately, it doesn’t solve my problem.
This is what it shows doing the healthcheck command:

diegosr@termin-debvps:~# su -s /bin/bash -c "./bin/cake passbolt healthcheck" diegosr

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
---------------------------------------------------------------
 Healthcheck shell
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.3.27-1~deb10u1.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://pbt.diegosr.es
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
  [HELP] Check that the domain name is correct in config/passbolt.php
  [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 25 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/diegosr/.gnupg.
 [PASS] The directory /home/diegosr/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server gpg key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.0.2).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  3 error(s) found. Hang in there!

EDIT: now I have a 403 forbidden error when trying to acces the setup url, but I followed all the steps using the correct user, so I don’t know what could be failing

I have tried to copy Passbolt’s folder, delete the configuration of Apache Passbolt’s site from Virtualmin and re-generate it again.
Then I have moved the Passbolt folder again to the public_html folder that Virtualmin creates and for an unknown reasson, now it works.
Here is the Apache Passbolt’s site config without any change excepting the SSL certificate folder:

SuexecUserGroup "#1000" "#1000"
ServerName pbt.diegosr.es
DocumentRoot /home/diegosr/domains/pbt.diegosr.es/public_html
ErrorLog /var/log/virtualmin/pbt.diegosr.es_error_log
CustomLog /var/log/virtualmin/pbt.diegosr.es_access_log combined
ScriptAlias /cgi-bin/ /home/diegosr/domains/pbt.diegosr.es/cgi-bin/
DirectoryIndex index.php index.php4 index.php5 index.htm index.html
<Directory /home/diegosr/domains/pbt.diegosr.es/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php7.3
FCGIWrapper /home/diegosr/domains/pbt.diegosr.es/fcgi-bin/php7.3.fcgi .php
FCGIWrapper /home/diegosr/domains/pbt.diegosr.es/fcgi-bin/php7.3.fcgi .php7.3
</Directory>
<Directory /home/diegosr/domains/pbt.diegosr.es/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RemoveHandler .php
RemoveHandler .php7.3
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/diegosr/ssl/cert.pem
SSLCertificateKeyFile /home/diegosr/ssl/privkey.pem
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

If someone knows what could happen please be free to answer this post and help people in the future that could have this problem again

Hi @Termindiego25 sorry it’s difficult to help you as you are using a custom setup that is not officially supported (virtualmin generated apache configuration file). Try to review the apache configuration I posted I see how it can be applied in your context.

Otherwise you can try to spin up a vanilla debian machine and follow the official guide / install using the debian package.

Maybe you can also try to ask for some help on Get Support for Virtualmin or Cloudmin | Virtualmin

Do you know at least why I’m getting the SSL certificate error?
I’m not using a self-signed certificate, I’m using an SSL certificate from LetsEncrypt but I don’t know why Passbolt says that is a self-signed