Checklist
I have read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Hello. I installed Passbolt using helm charts, but I’m struggling with this key not found problem, similar with this problem.
The problem happens with some users. Running the healthcheck, I realized we had 2 users with the same e-mail, and it was the default_user:
gpg --list-keys --fingerprint
pub rsa3072 2024-08-27 [SC]
XXXX YYYY ZZZZ ASDQ 1234 1234 1234 1234 1234 1234
uid [ unknown] Passbolt default user ambient@foo.bar
–
pub rsa3072 2024-09-05 [SC]
122C 4567 F396 DFQ4 AA20 4321 4321 4321 1234 1234
uid [ unknown] Group ambient@foo.bar
Then i deleted the user with duplicated e-mail, ran the cleanup command and restarted my pod. Now the healthcheck pass without problems in my gpg.
www-data@passbolt-depl-srv-64d857f454-dhh97:/usr/share/php/passbolt$ ./bin/cake passbolt healthcheck
healthcheck
Healthcheck shell -------------------------------------------------------------------------------Environment
[PASS] PHP version 8.2.20.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.foo.bar
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings
SSL Certificate
[WARN] SSL peer certificate does not validate.
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate.
[HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
SMTP settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[WARN] The SMTP Settings source is: env variables.
[HELP] It is recommended to set the SMTP Settings in the database through the administration section.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (4.9.1).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] The self registration provider is: Email domain safe list.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema is up to date.
Database
[PASS] The application is able to connect to the database
[PASS] 31 tables found.
[PASS] Some default content is present.
[FAIL] 1 error(s) found. Hang in there!
datacheck
Data check shell
[PASS] Data integrity for AuthenticationTokens.
[PASS] Can validate: 1087/1087
[PASS] Data integrity for Comments.
[PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
[PASS] Can validate: 20/20
[PASS] Data integrity for Gpgkeys.
[PASS] Can encrypt: 141/141
[PASS] Pass validation service checks: 141/141
[PASS] Entity data and armored key data matches: 141/141
[PASS] Is not expired: 141/141
[PASS] Is armored key format valid: 141/141
[PASS] Data integrity for Groups.
[PASS] Can validate: 33/33
[PASS] Data integrity for Profiles.
[PASS] Can validate: 173/173
[PASS] Data integrity for Resources.
[PASS] Can validate: 974/974
[PASS] Data integrity for Secrets.
[PASS] Can validate: 1779/1779
[PASS] Data integrity for Users.
[PASS] Can validate: 171/171
In some situations users cant can’t add some others users to groups, but i added the same user in the same group with my account. Trying in another browser, sometimes it works, sometimes it doesn’t . I can’t find a pattern to the problem.
When i try to view the user public key in his profile, my extension thrown the exception “User Key not found”
But accessing directly the URL profile via /users/USER_ID.json i can get the public key:
just realized the timezone from application and database are different. There is not any option to change the MariaDB timezone in helm charts. For the application i added the extraEnv: TZ=…
My application version:
Server: 4.9.1 / Client: 4.10.0
My browser version:
Version 130.0.6723.58 (Official Build) (64-bit)
Let me know if more information are needed.
Thanks in advance!
