An Internal Error Has Occurred Error 500

Checklist
[ ] I have read intro post: About the Installation Issues category
[ ] I have read the tutorials, help and searched for similar issues
[ ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

Dear Passbolt Team,

I changed the certificate (from self-signed to wildcard), modified the config files in /etc/nginx/conf.d and changed fullBaseURL in /var/www/passbolt/config/passbolt.php.

If I access the new URL I have to recover my account. When Passbolt sends me the recover-email I get the error “500 An Internal Error Has Occurred”.

The error seemed strange to me, since I only changed the certificate. So I googled a bit but didn't find anything helpful.
Healthcheck told me that the certificates aren't correct (which could be a false positive) and that the jwt directory is writable and a JWT key is missing.

Since I had created a snapshot, I had reset the VM back to the point where everything worked and can use passbolt again. I tried to recover my account in another browser, got the link from our server and the same error occurred.

Healthcheck: the same.


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.24.
 [PASS] PCRE compiled with unicode support.
 [FAIL] The temporary directory and its content are not writable, or are executable.
 [HELP] Ensure the temporary directory and its content are writable by the webserver user.
 [HELP] you can try:
 [HELP] sudo chown -R www-data:www-data /var/www/passbolt/tmp/
 [HELP] sudo chmod -R 775 $(find /var/www/passbolt/tmp/ -type d)
 [HELP] sudo chmod -R 664 $(find /var/www/passbolt/tmp/ -type f)
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://SERVERNAME
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 37 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
 [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.5.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [FAIL] The /var/www/passbolt/config/jwt/ directory should not be writable.
 [HELP] You can try:
 [HELP] sudo chown -R www-data:www-data /var/www/passbolt/config/jwt/
 [HELP] sudo chmod 550 /var/www/passbolt/config/jwt/
 [HELP] sudo chmod 440 $(find /var/www/passbolt/config/jwt/ -type f)
 [FAIL] A valid JWT key pair is missing
 [HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:
 [HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data

 [FAIL] 5 error(s) found. Hang in there!

I looked up the error.log and this error keeps repeating:

2022-02-15 12:22:33 Error: Fatal Error (1): Trait 'App\Controller\Setup\SetupControllerTrait' not found in [/var/www/passbolt/src/Controller/Setup/RecoverStartController.php, line 30]
2022-02-15 12:22:33 Error: [Cake\Error\FatalErrorException] Trait 'App\Controller\Setup\SetupControllerTrait' not found in /var/www/passbolt/src/Controller/Setup/RecoverStartController.php on line 30
Request URL: /setup/recover/7ec16c1b-a653-469c-9eac-c6cfc371e27f/57c484f8-d162-4a0e-b914-67742d741e85

And now I have no idea what I could do.
Any ideas? We updated the server maybe a month ago, could this be a part of the problem? How can I fix this?

Hi @hen Using the healthcheck, the next step is to follow the lines that say HELP after lines that say FAIL. Right at the top of the output is a mention of the temp folder not being configured right, so those following HELP lines can guide you regarding folder permissions.

Try to work through those and resolve the FAILs and that should help with overall functionality and troubleshooting if you still have problems.

Hi @hen

It seems you have rights problems with your passbolt temporary folder. You should execute the commands written below the error to fix rights / ownership.

And also with JWT authentication:

You should never run ./bin/cake commands as root user but as the web server user of your server, I guess www-data for you.

Once your file rights are fixed, you should execute and send us the output of these commands:

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt cleanup"
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details"

Best,

Hey,

I fixed the problems in healthcheck (except SSL), but still the error message.

sudo -H -u www-data bash -c "/var/www/passbolt/bin/cake cache clear_all":

Clearing default
Cleared default cache
Clearing _cake_core_
Cleared _cake_core_ cache
Clearing _cake_model_
Cleared _cake_model_ cache

sudo -H -u www-data bash -c "/var/www/passbolt/bin/cake passbolt cleanup":


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Cleanup shell (fix mode)
-------------------------------------------------------------------------------
Exception: Unknown method "cleanupDuplicates" called on Passbolt\Folders\Model\Table\FoldersRelationsTable
In [/var/www/passbolt/vendor/cakephp/cakephp/src/ORM/Table.php, line 2618]

sudo -H -u www-data bash -c "/var/www/passbolt/bin/cake passbolt healthcheck":


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.24.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://SERVERNAME
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 37 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
 [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.5.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [FAIL] 2 error(s) found. Hang in there!

sudo -H -u www-data bash -c "/var/www/passbolt/bin/cake passbolt datacheck --hide-success-details":


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
Data check shell
[PASS] Data integrity for AuthenticationTokens.
  [PASS] Can validate: 1378/1378
[PASS] Data integrity for Comments.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Gpgkeys.
  [PASS] Can encrypt: 7/7
  [PASS] Can validate: 7/7
[PASS] Data integrity for Groups.
  [PASS] Can validate: 12/12
[PASS] Data integrity for Profiles.
  [PASS] Can validate: 8/8
[PASS] Data integrity for Resources.
  [PASS] Can validate: 616/616
[PASS] Data integrity for Secrets.
  [PASS] Can validate: 2864/2864
[PASS] Data integrity for Users.
  [PASS] Can validate: 8/8

In the healthcheck it's still the certificate, but it is valid, I can access the URL without a problem. I access the URL and can get an email for recovery. The link in the mail doesn't work and I get the error “An Internal Error has Occurred Error 500”. It's self-signed - shouldn't be a problem? I will exchange the self-signed certificate for a wildcard anyway (after the problem is solved).
What does the “cleanup” error mean?

According to your table count (37 tables), you are using a passbolt pro database.

Is your passbolt source code PRO or CE?

You can check this with this command:

cat /var/www/passbolt/.git/config

Does the nginx configuration file have its webroot defined in /var/www/passbolt or /usr/share/php/passbolt?

Cheers,

We tested in CE and upgraded to Pro, if I remember correctly (not sure about that)

cat /var/www/passbolt/.git/config
[core]
        repositoryformatversion = 0
        filemode = true
        bare = false
        logallrefupdates = true
[remote "origin"]
        url = https://bitbucket.org/passbolt_pro/passbolt_pro_api
        fetch = +refs/heads/master:refs/remotes/origin/master
[branch "master"]
        remote = origin
        merge = refs/heads/master

webroot is in /var/www/passbolt/

Hi @hen

Thanks for the details. My guess is your git sources are plugged to PRO repository but your CE > PRO migration has not been done correctly.

The errors below mean some PRO code is missing:

My advice is: “you should migrate to the package installation” following this documentation:

As you are a PRO user, you can create a support ticket on support@passbolt.com if needed.

Best regards,

Okay, so I migrated from install scripts to the Ubuntu package and the server is back online, but if I try to log in I have to verify the server key and can continue to log in. But after the password I get the message:


Sorry, you have not been signed in.

Something went wrong, the sign in failed with the following error:

The authentication failed.

I ran a healthcheck and got an error in the GPG config


 GPG Configuration
 
 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt//gpg/serverkey_private.asc" www-data
 [PASS] There is a valid email id defined for the server key.

To fix this I used: sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data

But still with the authentication error. I cleared the cache. I logged out and tried to recover my account. When I upload my private key I get the message: “This key does not match any account.”

 sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt datacheck --hide-success-details"


     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
Data check shell
[PASS] Data integrity for AuthenticationTokens.
  [PASS] Can validate: 1391/1391
[PASS] Data integrity for Comments.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
  [PASS] Can validate: 0/0
[PASS] Data integrity for Gpgkeys.
  [PASS] Can encrypt: 7/7
  [PASS] Can validate: 7/7
  [PASS] Is not expired: 7/7
  [PASS] Is armored key format valid: 7/7
  [PASS] Is email unique: 7/7
[PASS] Data integrity for Groups.
  [PASS] Can validate: 12/12
[PASS] Data integrity for Profiles.
  [PASS] Can validate: 8/8
[PASS] Data integrity for Resources.
  [PASS] Can validate: 616/616
[PASS] Data integrity for Secrets.
  [PASS] Can validate: 2864/2864
[PASS] Data integrity for Users.
  [PASS] Can validate: 8/8

I checked the permissions in the keyring with

sudo -H -u www-data bash -c "ls -la /var/lib/passbolt/.gnupg"
total 52
drwx------ 3 www-data www-data  4096 Feb 19 20:20 .
drwxr-xr-x 4 www-data www-data  4096 Feb 19 19:47 ..
drwx------ 2 www-data www-data  4096 Feb 19 20:05 private-keys-v1.d
-rw-rw-r-- 1 www-data www-data 13719 Feb 19 20:10 pubring.kbx
-rw-rw-r-- 1 www-data www-data 12328 Feb 19 20:10 pubring.kbx~
-rw------- 1 www-data www-data   600 Feb 19 20:20 random_seed
srwx------ 1 www-data www-data     0 Feb 19 19:55 S.gpg-agent
srwx------ 1 www-data www-data     0 Feb 19 19:55 S.gpg-agent.browser
srwx------ 1 www-data www-data     0 Feb 19 19:55 S.gpg-agent.extra
srwx------ 1 www-data www-data     0 Feb 19 19:55 S.gpg-agent.ssh
-rw------- 1 www-data www-data  1200 Feb 19 19:55 trustdb.gpg
sudo -H -u www-data bash -c "gpg --list-keys --home=/var/lib/passbolt/.gnupg"
/var/lib/passbolt/.gnupg/pubring.kbx
pub   rsa4096 2018-03-26 [SC]
      changed
uid           [ unknown] Passbolt License (Passbolt License) <license@passbolt.com>
sub   rsa4096 2018-03-26 [E]

pub   rsa2048 2020-12-22 [SC]
      changed
uid           [ unknown] changed <passbolt@changed>
sub   rsa2048 2020-12-22 [E]
**and all other users are listed**

Any ideas?

Hi @hen Can you also verify the private server key was imported successfully?

How can I check this?

Tried this:

/etc/passbolt$ sudo su -s /bin/bash -c "gpg --list-secret-keys" www-data
gpg: WARNING: unsafe permissions on homedir '/home/www-data/.gnupg'
/home/www-data/.gnupg/pubring.kbx
---------------------------------
sec   rsa2048 2020-12-22 [SC]
      **changed: is the same as seen on the loginscreen and old server**
uid           [ unknown] office-passbolt01 <passbolt@changed>
ssb   rsa2048 2020-12-22 [E]

@hen Yes, but on the other homedir like in the previous command you were showing. sudo -H -u www-data bash -c "gpg --list-keys --home=/var/lib/passbolt/.gnupg"

That is my output:

sudo -H -u www-data bash -c "gpg --list-secret-keys --home=/var/lib/passbolt/.gnupg"
/var/lib/passbolt/.gnupg/pubring.kbx
------------------------------------
sec   rsa2048 2020-12-22 [SC]
      same key as above
uid           [ unknown] office-passbolt01 <passbolt@domain>
ssb   rsa2048 2020-12-22 [E]

Should be correct, right?

Sorry for the confusion. I meant that I get the same private key from the following command:

sudo -H -u www-data bash -c "gpg --list-secret-keys --home=/var/lib/passbolt/.gnupg"
/var/lib/passbolt/.gnupg/pubring.kbx
------------------------------------
sec   rsa2048 2020-12-22 [SC]
      29..2
uid           [ unknown] office-passbolt01 <passbolt@domain>
ssb   rsa2048 2020-12-22 [E]
sudo su -s /bin/bash -c "gpg --list-secret-keys" www-data
/home/www-data/.gnupg/pubring.kbx
---------------------------------
sec   rsa2048 2020-12-22 [SC]
      29..2
uid           [ unknown] office-passbolt01 <passbolt@domain>
ssb   rsa2048 2020-12-22 [E]

Hi @hen,

Is the healthcheck command a full pass?

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

A GPG authentication error can also occur if your server is not well synchronized with a time server (NTP).

You can check if systemd-timesyncd is running:

sudo systemctl status systemd-timesyncd.service
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-02-21 08:10:59 UTC; 4s ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 1483 (systemd-timesyn)
     Status: "Initial synchronization to time server 91.189.89.198:123 (ntp.ubuntu.com)."
      Tasks: 2 (limit: 1071)
     Memory: 1.3M
     CGroup: /system.slice/systemd-timesyncd.service
             └─1483 /lib/systemd/systemd-timesyncd

Feb 21 08:10:59 ubuntu2004 systemd[1]: Starting Network Time Synchronization...
Feb 21 08:10:59 ubuntu2004 systemd[1]: Started Network Time Synchronization.
Feb 21 08:11:00 ubuntu2004 systemd-timesyncd[1483]: Initial synchronization to time server 91.189.89.198:123 (ntp.ubuntu.com).

If you execute the date command, it must return the same date and time as the https://time.is website.

Cheers,

Healthcheck seems fine, the SSL error shouldn't be the problem?:

sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
[sudo] password for :

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.24.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://server
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
 [HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 37 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.5.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [FAIL] 2 error(s) found. Hang in there!

The wrong timezone was set; I changed it and rebooted the server. Output from the time service now:

sudo systemctl status systemd-timesyncd.service
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-02-21 09:51:15 CET; 2min 33s ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 676 (systemd-timesyn)
     Status: "Initial synchronization to time server 91.189.94.4:123 (ntp.ubuntu.com)."
      Tasks: 2 (limit: 2178)
     Memory: 1.8M
     CGroup: /system.slice/systemd-timesyncd.service
             └─676 /lib/systemd/systemd-timesyncd

Feb 21 09:51:15 office-passbolt01 systemd[1]: Starting Network Time Synchronization...
Feb 21 09:51:15 office-passbolt01 systemd[1]: Started Network Time Synchronization.
Feb 21 09:51:18 office-passbolt01 systemd-timesyncd[676]: Network configuration changed, trying to establish connection.
Feb 21 09:51:20 office-passbolt01 systemd-timesyncd[676]: Network configuration changed, trying to establish connection.
Feb 21 09:51:50 office-passbolt01 systemd-timesyncd[676]: Initial synchronization to time server 91.189.94.4:123 (ntp.ubuntu.com).

date and https://time.is show the correct date and time.

Error still occurs.
Maybe I should install a new server and migrate the data? Would that be easier / faster than troubleshooting?

Hi,

No, the SSL error shouldn’t be the problem. Do you still have this issue while trying to connect?

If yes, it seems your private key is not the good one. You can check your private key by uploading it to your passbolt server, or any Linux / MacOS machine. I assume it is named “passbolt_private.asc”.

$ gpg --show-keys passbolt_private.asc
sec#  rsa2048 2021-08-16 [SC]
      FD2CBE35090BBE2B5066EEA7ADBE777C62E90E6A
uid                      John Doe <john@doe.com>
ssb#  rsa2048 2021-08-16 [E]

You should see your name and email address. And you should find the displayed fingerprint in the passbolt OpenPGP keyring:

sudo -H -u www-data bash -c "gpg --list-keys --home=/var/lib/passbolt/.gnupg"

Best,
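
The comparison described in the reply above (fingerprint of the user's key file against the server keyring), together with the two-homedir check from earlier in the thread, as an added example that is not part of the original thread or of Passbolt's tooling. It parses gpg's --with-colons listing so that subkey fingerprints are not mistaken for account fingerprints; the function names, sample listings and fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Passbolt tooling): compare primary-key fingerprints using
# gpg's machine-readable --with-colons listings.

# Read a --with-colons listing on stdin and print primary-key fingerprints.
# The fpr record right after pub/sec is the primary key; fpr records after
# sub/ssb are subkeys and must not be compared against an account fingerprint.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" || $1 == "sec" { want = 1; next }
    $1 == "sub" || $1 == "ssb" { want = 0; next }
    $1 == "fpr" && want        { print $10; want = 0 }
  '
}

# Strip spaces and upper-case, so a fingerprint copied from a UI still compares.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# has_fingerprint FPR LIST: succeed if FPR is one of the newline-separated LIST.
has_fingerprint() {
  printf '%s\n' "$2" | grep -qxF -- "$(normalize_fpr "$1")"
}

# missing_from LIST_A LIST_B: print fingerprints in LIST_A that LIST_B lacks.
missing_from() {
  printf '%s\n' "$1" | while IFS= read -r mf_fpr; do
    [ -n "$mf_fpr" ] || continue
    has_fingerprint "$mf_fpr" "$2" || printf '%s\n' "$mf_fpr"
  done
}

# Live wrappers around gpg; pass the key file or homedir that applies on your host.
keyfile_fingerprints() { gpg --show-keys --with-colons "$1" | primary_fingerprints; }
keyring_fingerprints() { gpg --homedir "$1" --list-keys --with-colons | primary_fingerprints; }
secret_fingerprints()  { gpg --homedir "$1" --list-secret-keys --with-colons | primary_fingerprints; }

# --- Constructed sample data: fingerprints, identities and records are made up ---
USER_FPR=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
USER_SUB=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
SERVER_FPR=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
SERVER_SUB=DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
STALE_FPR=EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

# What "gpg --show-keys --with-colons <user key file>" could look like (simplified).
SAMPLE_KEYFILE="sec:-:2048:1:AAAAAAAAAAAAAAAA:1608768000:::-:::scESC:
fpr:::::::::${USER_FPR}:
uid:-::::1608768000::::Example User <user@example.com>:
ssb:-:2048:1:BBBBBBBBBBBBBBBB:1608768000::::::e:
fpr:::::::::${USER_SUB}:"

# Keyring in the homedir the application uses after the migration.
SAMPLE_KEYRING="pub:-:2048:1:CCCCCCCCCCCCCCCC:1608595200:::-:::scESC:
fpr:::::::::${SERVER_FPR}:
uid:-::::1608595200::::example-server <server@example.com>:
sub:-:2048:1:DDDDDDDDDDDDDDDD:1608595200::::::e:
fpr:::::::::${SERVER_SUB}:
pub:-:2048:1:AAAAAAAAAAAAAAAA:1608768000:::-:::scESC:
fpr:::::::::${USER_FPR}:
uid:-::::1608768000::::Example User <user@example.com>:
sub:-:2048:1:BBBBBBBBBBBBBBBB:1608768000::::::e:
fpr:::::::::${USER_SUB}:"

# Keyring left behind in the pre-migration homedir.
SAMPLE_OLD_RING="pub:-:2048:1:CCCCCCCCCCCCCCCC:1608595200:::-:::scESC:
fpr:::::::::${SERVER_FPR}:
pub:-:2048:1:EEEEEEEEEEEEEEEE:1608595200:::-:::scESC:
fpr:::::::::${STALE_FPR}:"

demo() {
  user=$(printf '%s\n' "$SAMPLE_KEYFILE" | primary_fingerprints)
  ring=$(printf '%s\n' "$SAMPLE_KEYRING" | primary_fingerprints)
  old=$(printf '%s\n' "$SAMPLE_OLD_RING" | primary_fingerprints)
  if has_fingerprint "$user" "$ring"; then
    echo "user key $user: present in server keyring"
  else
    echo "user key $user: NOT in server keyring"
  fi
  echo "only in old homedir: $(missing_from "$old" "$ring")"
}
demo
```

On a live host, feed the wrappers the same inputs the thread uses, for example the user's exported key file and /var/lib/passbolt/.gnupg, and compare the result with the fingerprint column of the gpgkeys table.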

I uploaded my private key to the server and got this:

gpg --show-keys passbolt_private-w.txt
sec#  rsa2048 2020-12-24 [SC]
      E...5
uid                      My Name (Passbolt-12_2020-W) <my-mail@domain.com>
ssb#  rsa2048 2020-12-24 [E]

I removed the names/mails and keys, but my key exists: E…5

sudo -H -u www-data bash -c "gpg --list-keys --home=/var/lib/passbolt/.gnupg"
/var/lib/passbolt/.gnupg/pubring.kbx
------------------------------------
pub   rsa4096 2018-03-26 [SC]
      1..3
uid           [ unknown] Passbolt License (Passbolt License) <license@passbolt.com>
sub   rsa4096 2018-03-26 [E]

pub   rsa2048 2020-12-22 [SC]
      2..2
uid           [ unknown] office-passbolt01 <passbolt@domain.com>
sub   rsa2048 2020-12-22 [E]

pub   rsa2048 2021-02-08 [SC]
      5..8
uid           [ unknown] User1 <@domain.de>
sub   rsa2048 2021-02-08 [E]

pub   rsa2048 2021-01-14 [SC]
      4..4
uid           [ unknown] User2 () <@domain.com>
sub   rsa2048 2021-01-14 [E]

pub   rsa2048 2021-02-19 [SC]
      A..D
uid           [ unknown] User3 <@domain.com>
sub   rsa2048 2021-02-19 [E]

pub   rsa2048 2021-02-16 [SC]
      E..9
uid           [ unknown] User4 <@domain.de>
sub   rsa2048 2021-02-16 [E]

pub   rsa2048 2020-12-23 [SC]
      7..8
uid           [ unknown] User5 <@domain.com>
sub   rsa2048 2020-12-23 [E]

pub   rsa2048 2020-12-24 [SC]
      E..5
uid           [ unknown] MY USER (Passbolt-12_2020-W) <my.mail@domain.com>
sub   rsa2048 2020-12-24 [E]

pub   rsa2048 2020-12-22 [SC]
      B7322F477AEE513F4BEEEB61BDE810DB34EA3110
uid           [ unknown] User6 <passbolt@domain.com>
sub   rsa2048 2020-12-22 [E]

I wonder why the account “passbolt@domain.com” exists twice?
Did I forget to migrate or link the correct keyring or something?

And if you execute this request in mysql, do you get results?

SELECT * FROM gpgkeys WHERE fingerprint = "your-key-fingerprint" \G

If yes, you should be able to connect.

If you are still not able, which error message is displayed? Do you have any other error message in /var/log/passbolt/error.log? Maybe you should check if the date and time on your workstation are correct too.

Best,

I can access the database and find the key:

MariaDB [passboltdb]> SELECT * FROM gpgkeys WHERE fingerprint = "E..5" \G
*************************** 1. row ***************************
         id: 9..e
    user_id: 7..f
armored_key: -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.4
Comment: https://openpgpjs.org

...
-----END PGP PUBLIC KEY BLOCK-----

       bits: 2048
        uid: W. (Passbolt-12_2020-W.) <my.mail@domain.com>
     key_id: D..5
fingerprint: E..5
       type: RSA
    expires: NULL
key_created: 2020-12-24 11:24:05
    deleted: 0
    created: 2020-12-24 11:24:33
   modified: 2020-12-24 11:24:33
1 row in set (0.001 sec)

Still no access.

There is no log in /var/log/passbolt - the directory is empty?!

date on workstation and server is correct.

You can touch error.log in the /var/log/passbolt directory and make sure it’s owned by webserver user.

FYI this error is common and expected:

Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /usr/share/php/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177