Activation mail doesnt go thru

Installation Issues
1

Hi, my activation email is not being sent to my email address. Health check report is like this. Email is successfully. Cron job service is running. email_queue tbl has email records with try = 0

Environment

[PASS] PHP version 8.2.11.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[FAIL] Debug mode is on.
[HELP] Set debug = false; in /var/www/passbolt/config/passbolt.php
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.dgf.com/
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The private key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /var/www/passbolt/config/passbolt.php.
[PASS] The server public key defined in the /var/www/passbolt/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[FAIL] The private key cannot be used to sign a message
[HELP] Make sure that the server private key is valid and that there is no passphrase.
[HELP] Make sure you imported the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private1.asc” www-data
[FAIL] The public and private keys cannot be used to encrypt and sign a message
[FAIL] The private key cannot be used to decrypt a message
[FAIL] The private key cannot be used to decrypt and verify a message
[FAIL] The public key cannot be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.3.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /var/www/passbolt/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /var/www/passbolt/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /var/www/passbolt/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /var/www/passbolt/config/passbolt.php.

[FAIL] 6 error(s) found. Hang in there!

2

Hello @aaronoz , welcome to our community :wink:

Which email provider are you using? If you are using an external service sometimes the authentication method require an application password, have you checked our dedicated guide?

3

Thank you :slight_smile:

I am using our own smtp(test emails are successful, gpgkeys table is empty) ;
// Email configuration.
‘EmailTransport’ => [
‘default’ => [
‘transport’ => ‘Smtp’,
‘host’ => ‘*’,
‘port’ => 25,
‘username’ => ‘’,
‘password’ => ‘’,
// Is this a secure connection? true if yes, null if no.
‘SMTPSecure’ => ‘starttls’,
‘tls’ => true,
‘timeout’ => 30,
// ‘client’ => null,
//‘url’ => null,
],
],
‘Email’ => [
‘default’ => [
// Defines the default name and email of the sender of the emails.
‘from’ => [‘info@dgf.com.tr’ => ‘Passbolt’],
//‘charset’ => ‘utf-8’,
//‘headerCharset’ => ‘utf-8’,
],
],

4

After double checking the healthcheck, I see you are having an issue with the gpg keys which is the main issues we’d like to solve before going any further.

Can you share the output of this command:

ls -la /var/www/passbolt/config/gpg/

Also, as mentioned in the healthcheck, could you run:

sudo su -s /bin/bash -c “gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private1.asc” www-data
5

image
image950×244 120 KB

sudo su -s /bin/bash -c “gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private1.asc” www-data

image
image1057×133 31.9 KB

6

Can you run:

sudo chown -R www-data:www-data /var/www/passbolt/config/gpg

Then run the healthcheck again:

sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt healthcheck" www-data
7

The new check:
Environment

[PASS] PHP version 8.2.11.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.dgf.com/
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
[PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The private key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /var/www/passbolt/config/passbolt.php.
[PASS] The server public key defined in the /var/www/passbolt/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[FAIL] The private key cannot be used to sign a message
[HELP] Make sure that the server private key is valid and that there is no passphrase.
[HELP] Make sure you imported the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private1.asc” www-data
[FAIL] The public and private keys cannot be used to encrypt and sign a message
[FAIL] The private key cannot be used to decrypt a message
[FAIL] The private key cannot be used to decrypt and verify a message
[FAIL] The public key cannot be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.3.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /var/www/passbolt/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /var/www/passbolt/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: /var/www/passbolt/config/passbolt.php.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /var/www/passbolt/config/passbolt.php.

[FAIL] 5 error(s) found. Hang in there!

8

@antony your help is appreciated.

9

Could you try to rotate the server key? It looks like there is an issue with your keys.

10

I didnt install on docker, how would I rotate the keys then?

11

Only the first part of this guide concern Docker, you can follow what is below.

Also, since it seems that it is a from source installation, when we are referencing /etc/passbolt, for you, that’d be /var/www/passbolt/config