Can't login after update

[ X] I have read intro post: About the Installation Issues category
[ X] I have read the tutorials, help and searched for similar issues
[X ] I provide relevant information about my server (component names and versions, etc.)
[ mostly X] I provide a copy of my logs and healthcheck
[ X] I describe the steps I have taken to trouble shoot the problem
[ X] I describe the steps on how to reproduce the issue

Using CentOS 7.4, and the included apache2 version, 2.4.6 I believe.
Went to update today, and the browser told me to download the plugin. I may have removed it, or it wanted a new one, I don’t honestly know. We are still trying to implement this, and haven’t been actually using passbolt yet.

Logged onto server, stopped Apache, changed user to the apache user, and ran the following:
sudo su -s /bin/bash apache
git pull origin master
composer install
./bin/cake passbolt migrate --backup

Logged out of apache user, started apache.

ran healthcheck as apache user:

Open source password manager for teams

Healthcheck shell


[PASS] PHP version 7.2.11.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
fopen(): Failed to enable crypto
fopen([redacted because of new forum user permissions]): failed to open stream: operation failed


[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /usr/share/httpd/.gnupg.
[PASS] The directory /usr/share/httpd/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.4.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

Notice the SSL errors. Not sure about that at all. The SSL configuration in apache hasn’t been changed, nor expired. The URL the healthcheck thinks failed works fine in my browser.

Back to browser, and tried to log in as the admin user email. It makes me recover the account. I get the email, and then copy the recover account link to browser, and get:

The authentication token is not valid or expired.
The requested address was not found on this server. Please double check the url. Maybe the page was deleted or moved.

Sometimes I’ll see something about not having permission to view the URL, but this disappears.

The date and time in the email is also WAY off, and in fact in the passbolt error log I see:
2018-10-31 19:32:27 Error: [Cake\Network\Exception\BadRequestException] The authentication token is not valid or expired.

when in fact as I write this it is 13:34 local time.

Did I overwrite a config file when I updated?

Can you try to clear the cache and try a recover again?

./bin/cake cache clear_all

ref. After update to 2.4 That version of GPGAuth is not supported.

I logged in as webserver user (apache) and ran that command, and then restarted apache.

That seems to have worked. Thanks!

Is it still a thing, where the recovery email has a time stamp in it that is 6 hours in the future?

@bberndt the time in the email is based on the server time not your user time. Can you check the server timezone and yours to see if that explains the gap?

$ date
Fri Nov 2 10:42:28 MDT 2018

So time zone is Mountain Daylight Time? Yeah, that's correct…

I checked and by default CakePHP sets the timezone to UTC and not the timezone from the server locale as I previously thought. I’ll create an improvement to allow setting timezone at the organization and user levels.
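Added example, not part of the thread and not passbolt code: a short Python check that reads the error-log line quoted above as UTC and compares it with the 13:34 local reading from the same post, showing that the "6 hours in the future" gap is the UTC/MDT offset rather than clock drift. The function names, the fixed UTC-6 offset for MDT, and the assumption that the local reading was taken on 2018-10-31 are choices made for this illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# MDT is UTC-6; a fixed offset keeps the example independent of system tzdata.
MDT = timezone(timedelta(hours=-6), "MDT")

# Log line prefix as seen in the thread: "YYYY-MM-DD HH:MM:SS Level: message"
LOG_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+): (.*)$")

# Log line quoted in the thread, and the wall-clock time the poster reported
# (date assumed to be the same day as the log entry).
SAMPLE_LINE = (r"2018-10-31 19:32:27 Error: [Cake\Network\Exception\BadRequestException] "
               "The authentication token is not valid or expired.")
OBSERVED_LOCAL = datetime(2018, 10, 31, 13, 34)


def parse_log_line(line, log_tz=timezone.utc):
    """Return (aware datetime, level, message), reading the stamp in log_tz."""
    m = LOG_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=log_tz)
    return ts, m.group(2), m.group(3)


def explain_gap(line, observed_local, local_tz=MDT):
    """Compare a log stamp with a wall-clock reading taken on the server.

    Returns (naive_gap, real_gap): the gap when the stamp is misread as
    local time, and the gap once the stamp is read as UTC.
    """
    ts_utc, _, _ = parse_log_line(line)
    observed = observed_local.replace(tzinfo=local_tz)
    misread = ts_utc.replace(tzinfo=local_tz)  # same digits, wrong zone
    return misread - observed, ts_utc - observed


if __name__ == "__main__":
    naive, real = explain_gap(SAMPLE_LINE, OBSERVED_LOCAL)
    ts, level, _ = parse_log_line(SAMPLE_LINE)
    print(f"{level} logged at {ts.isoformat()} = {ts.astimezone(MDT).isoformat()}")
    print(f"gap if read as local time: {naive}")
    print(f"gap once read as UTC:      {real.total_seconds():.0f} s")
```

Read as UTC, the entry was written about a minute and a half before the poster looked at the clock, so the token error and the recovery email share one consistent timeline.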
