Cannot login to account after restoring from backup

Hi everyone, and thank you for your great app.

I am trying to set up a periodic backup to avoid trouble in case of issues. My Passbolt server version is 4.4 and is set up using Docker. I followed this guide to keep a copy of essential files and directories. I ignored users’ keys, assuming that everyone does it manually. Now I have the following:

  • gpg directory
  • certs directory
  • database_dump.sql
  • docker-compose.yml file, which includes environment variables

However, my restore attempt failed with the following error on the webpage:

Something went wrong!
The operation failed with the following error:
Could not verify the server key. The authentication failed.
[Try again] this is a button

Health check report:

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 8.2.7.
 [PASS] PHP version is 8.1 or above.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://example.net
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 31 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in /etc/passbolt/passbolt.php.
 [HELP] Double check the key fingerprint, example:
 [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
 [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
 [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
 [PASS] There is a valid email id defined for the server key.

 Application configuration

 [FAIL] Could not connect to passbolt repository to check versions It is not possible check if your version is up to date.
 [HELP] Check the network configuration to allow this script to check for updates.
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in /etc/passbolt/passbolt.php.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [FAIL] SMTP Setting errors: The OpenPGP server key defined in the config cannot be used to decrypt. There is an issue with the OpenPGP server key. The fingerprint does not match the one associated with the key on file.
 [PASS] The SMTP Settings source is: database.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
 [HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

 [FAIL] 5 error(s) found. Hang in there!

Docker initialization log:

passbolt  | wait-for.sh: waiting for db:3306 without a timeout
passbolt  | wait-for.sh: db:3306 is available after 12 seconds
passbolt  | ==================================================================================
passbolt  |   Your entropy pool is low. This situation could lead GnuPG to not
passbolt  |   be able to create the gpg serverkey so the container start process will hang
passbolt  |   until enough entropy is obtained.
passbolt  |   Please consider installing rng-tools and/or virtio-rng on your host as the
passbolt  |   preferred method to generate random numbers using a TRNG.
passbolt  |   If rngd (rng-tools) does not provide enough or fast enough randomness you could
passbolt  |   consider installing haveged as a helper to speed up this process.
passbolt  |   Using haveged as a replacement for rngd is not recommended. You can read more
passbolt  |   about this topic here: https://lwn.net/Articles/525459/
passbolt  | ==================================================================================
passbolt  | gpg: keybox '/var/lib/passbolt/.gnupg/pubring.kbx' created
passbolt  | gpg: /var/lib/passbolt/.gnupg/trustdb.gpg: trustdb created
passbolt  | gpg: directory '/var/lib/passbolt/.gnupg/openpgp-revocs.d' created
passbolt  | gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/****************************************.rev'
passbolt  | gpg: key ****************: "Passbolt default user <passbolt@yourdomain.com>" not changed
passbolt  | gpg: Total number processed: 1
passbolt  | gpg:              unchanged: 1
passbolt  | gpg: key ****************: "Passbolt default user <passbolt@yourdomain.com>" not changed
passbolt  | gpg: key ****************: secret key imported
passbolt  | gpg: Total number processed: 1
passbolt  | gpg:              unchanged: 1
passbolt  | gpg:       secret keys read: 1
passbolt  | gpg:  secret keys unchanged: 1
passbolt  | Installing passbolt
passbolt  |
passbolt  |      ____                  __          ____
passbolt  |     / __ \____  _____ ____/ /_  ____  / / /_
passbolt  |    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
passbolt  |   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
passbolt  |  /_/    \__,_/____/____/_.___/\____/_/\__/
passbolt  |
passbolt  |  Open source password manager for teams
passbolt  | -------------------------------------------------------------------------------
passbolt  | Running baseline checks, please wait...
passbolt  | The server key fingerprint does not match the fingerprint mentioned in config/passbolt.php
passbolt  | Please run ./bin/cake passbolt healthcheck for more information and help.
passbolt  | Running migrations
passbolt  |
passbolt  |      ____                  __          ____
passbolt  |     / __ \____  _____ ____/ /_  ____  / / /_
passbolt  |    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
passbolt  |   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
passbolt  |  /_/    \__,_/____/____/_.___/\____/_/\__/
passbolt  |
passbolt  |  Open source password manager for teams
passbolt  | -------------------------------------------------------------------------------
passbolt  | -------------------------------------------------------------------------------
passbolt  |  Running migration scripts.
passbolt  | -------------------------------------------------------------------------------
passbolt  | using migration paths
passbolt  |  - /etc/passbolt/Migrations
passbolt  | using seed paths
passbolt  | using environment default
passbolt  | using adapter mysql
passbolt  | using database passbolt
passbolt  | ordering by creation time
passbolt  |
passbolt  |  == 20230512220600 V410ImproveFoldersRelationsIndexesShareFoldersPerformance: migrating
passbolt  |  == 20230512220600 V410ImproveFoldersRelationsIndexesShareFoldersPerformance: migrated 0.0410s
passbolt  |
passbolt  |  == 20230601101058 V410RemoveTypeFromTotpResourceTypes: migrating
passbolt  |  == 20230601101058 V410RemoveTypeFromTotpResourceTypes: migrated 0.0063s
passbolt  |
passbolt  |  == 20230607174200 V410DeleteRootRole: migrating
passbolt  |  == 20230607174200 V410DeleteRootRole: migrated 0.0011s
passbolt  |
passbolt  |  == 20230607174300 V410AddRbacsTables: migrating
passbolt  |  == 20230607174300 V410AddRbacsTables: migrated 0.0395s
passbolt  |
passbolt  |  == 20230607174301 V410InsertUiActions: migrating
passbolt  |  == 20230607174301 V410InsertUiActions: migrated 0.0269s
passbolt  |
passbolt  |  == 20230607174302 V410InsertDefaultRbacsUiActions: migrating
passbolt  |  == 20230607174302 V410InsertDefaultRbacsUiActions: migrated 0.0234s
passbolt  |
passbolt  |  == 20230718083939 V420AddUserIdIndexToProfiles: migrating
passbolt  |  == 20230718083939 V420AddUserIdIndexToProfiles: migrated 0.0315s
passbolt  |
passbolt  |  == 20230911100418 V430AddUserDisabledField: migrating
passbolt  |  == 20230911100418 V430AddUserDisabledField: migrated 0.0428s
passbolt  |
passbolt  |  == 20231005121310 V440MobileTransferInsertUiActions: migrating
passbolt  |  == 20231005121310 V440MobileTransferInsertUiActions: migrated 0.0029s
passbolt  |
passbolt  |  == 20231005123634 V440MobileTransferDefaultRbacsUiActions: migrating
passbolt  |  == 20231005123634 V440MobileTransferDefaultRbacsUiActions: migrated 0.0045s
passbolt  |
passbolt  |  == 20231108114414 V441AlterUidOnGpgkeys: migrating
passbolt  |  == 20231108114414 V441AlterUidOnGpgkeys: migrated 0.0252s
passbolt  |
passbolt  |  == 20231115235026 V441DropUserAgents: migrating
passbolt  |  == 20231115235026 V441DropUserAgents: migrated 0.0079s
passbolt  |
passbolt  | All Done. Took 0.2650s
passbolt  | Clearing cake caches
passbolt  | Clearing _cake_model_
passbolt  | Cleared _cake_model_ cache
passbolt  | Clearing _cake_core_
passbolt  | Cleared _cake_core_ cache
passbolt  | Enjoy! ☮
passbolt  |

I think I found that my issue is around setting the PASSBOLT_GPG_SERVER_KEY_FINGERPRINT environment variable based on the previous server. But in the new server I have a new gpg key, and hence the fingerprint differs. Setting this variable prevents login from working properly.

I reached this issue by following this document, which may need a review and some more explanation.
Thanks to those who consider my question.
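As an added example (not part of the original post or of passbolt's own code), the check that the healthcheck's "[FAIL] The server key fingerprint doesn't match" line performs, so it can be run against the gpg directory from a backup before the container is started with the restored docker-compose.yml. It assumes gpg's `--with-colons` listing format; the sample listing and key values below are constructed, not real keys.

```python
import os
import subprocess
from typing import List

# Constructed sample of `gpg --with-colons --fingerprint --list-keys` output
# (not real keys): one primary key with one encryption subkey, as gpg lays it out.
SAMPLE_COLONS = """\
pub:u:4096:1:0123456789ABCDEF:1600000000:::u:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1600000000::ABCDEF0123456789::Passbolt default user <passbolt@yourdomain.com>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1600000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
"""


def primary_fingerprints(colons_output: str) -> List[str]:
    """Fingerprints of primary keys only. An 'fpr' record belongs to the most
    recent 'pub'/'sec' (primary) or 'sub'/'ssb' (subkey) record before it."""
    result, in_primary = [], False
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sec"):
            in_primary = True
        elif fields[0] in ("sub", "ssb"):
            in_primary = False
        elif fields[0] == "fpr" and in_primary and len(fields) > 9:
            result.append(fields[9].upper())
    return result


def normalize_fingerprint(value: str) -> str:
    """Strip spaces and case so '0123 4567 ...' and '01234567...' compare equal."""
    return value.replace(" ", "").upper()


def fingerprint_in_keyring(configured: str, colons_output: str) -> bool:
    """True if PASSBOLT_GPG_SERVER_KEY_FINGERPRINT names a primary key in the listing."""
    return normalize_fingerprint(configured) in primary_fingerprints(colons_output)


def keyring_listing(gnupghome: str) -> str:
    """List the keys in a (backed-up) keyring directory. Needs the gpg binary."""
    cmd = ["gpg", "--homedir", gnupghome, "--with-colons", "--fingerprint", "--list-keys"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Compare the value from docker-compose.yml with the restored gpg directory.
    expected = os.environ.get("PASSBOLT_GPG_SERVER_KEY_FINGERPRINT", "")
    home = os.environ.get("GNUPGHOME", "/var/lib/passbolt/.gnupg")
    if fingerprint_in_keyring(expected, keyring_listing(home)):
        print("fingerprint matches a primary key in the keyring")
    else:
        print("MISMATCH: fix PASSBOLT_GPG_SERVER_KEY_FINGERPRINT or restore the matching gpg directory")
```

Run it with GNUPGHOME pointing at the gpg directory from the backup and PASSBOLT_GPG_SERVER_KEY_FINGERPRINT set to the value in docker-compose.yml; a mismatch here is the same condition the healthcheck reports after the container is up.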