Checklist
I have read intro post:
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue
I set up the OVA template in VMware as a test server. Passbolt uses a certificate issued by a local CA. The root certificate is stored in Debian. As an administrator, I can invite users, and they can log in to Passbolt via the add-on. Passbolt is accessible over a local URL.
Since I logged out with the admin user in the browser, I haven’t been able to get logged in again. The add-on isn’t recognized via the recovery link.
I’ve reset the browser. I’ve tested a different browser. I’ve tested a different computer.
I created a recovery link via the console. The problem remains the same. No errors are displayed when I use F12 for developer tools for the website.
I don’t see errors in passbolt-error.log or passbolt-access.log
Unfortunately, the 10-day trial has expired, which explains the errors in healthreport.
I created a second admin via CLI. But my first admin is manager of a group and the new admin can’t manage them. I would like to fix the issues with the account recovery before I set up new users that should test Passbolt.
Healthlog Report:
Healthcheck shell
If you want to have more information about the different checks, please take a look at the documentation: .
Environment
[INFO] Linux ip-10-0-2-15 6.12.73+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.73-1 (2026-02-17) x86_64 GNU/Linux
[PASS] PHP version 8.4.16.
[PASS] PHP version is 8.2 or above.
[PASS] 64-bit architecture system detected.
[INFO] gpg (GnuPG) 2.4.7 / libgcrypt 1.11.0
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory /var/log/passbolt/ and its content are writable.
[PASS] System clock is synchronized and NTP service is active.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Cache is working.
[PASS] Debug mode is off.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://“internal-URL”
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates.
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate.
SMTP settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[FAIL] This installation is not up to date. Currently using 5.9.0 and it should be 5.10.0.
[HELP] See https://www.passbolt.com/help/tech/update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema is up to date.
[FAIL] Subscription invalid/expired (The subscription is expired.).
Database
[PASS] The application is able to connect to the database
[PASS] 53 tables found.
[PASS] Some default content is present.
[PASS] The database version is supported.
Metadata
[PASS] The server is able to decrypt the metadata private key.
[PASS] Active metadata key found or not required.
[PASS] The server has access to the metadata keys or does not require access to it.
[PASS] The server metadata private key is valid.
Directory Sync
[WARN] The endpoints for updating the users directory configurations are enabled.
[HELP] It is recommended to disable endpoints for updating the users directory configurations.
[HELP] Set the PASSBOLT_SECURITY_DIRECTORY_SYNC_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.directorySync.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] SSL certification verification for LDAP server is enabled.
SSO
[PASS] SSL certification validation for SSO instance is enabled.
[WARN] The endpoints for updating the SSO configurations are enabled.
[HELP] It is recommended to disable endpoints for updating the SSO configurations.
[HELP] Set the PASSBOLT_SECURITY_SSO_SETTINGS_EDITION_DISABLED environment variable to true.
[HELP] Or set passbolt.security.sso.settings.editionDisabled to true in /etc/passbolt/passbolt.php.
SCIM
[INFO] SCIM plugin is enabled.
[FAIL] 2 error(s) found. Hang in there!
