Could not retrieve server key. Please contact administrator. even with no errors in healthcheck

This is the output of my healthcheck:

bash-4.2$ ./cake passbolt healthcheck


Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.2.7.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pwd.emi.bz
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[WARN] Using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.1.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

No error found. Nice one sparky!

But after the installation, when I go to the provided URL to finish it, the message is "Could not retrieve server key. Please contact administrator."

Any tips? Googled everywhere and didn’t find a solution.

Any help would be much appreciated.

Thanks

Can you open the browser console (right click on the page > inspect > console tab), there should be a more detailed error message there that could help us out.

Hi, @remy. Thanks for replying.

This is the output of the console:

domainCheck.js:301 text.trim is not a function
(anonymous) @ domainCheck.js:301
mightThrow @ jquery.js:3534
process @ jquery.js:3602
setTimeout (async)
(anonymous) @ jquery.js:3640
fire @ jquery.js:3268
fireWith @ jquery.js:3398
fire @ jquery.js:3406
fire @ jquery.js:3268
fireWith @ jquery.js:3398
process @ jquery.js:3622
setTimeout (async)
(anonymous) @ jquery.js:3640
fire @ jquery.js:3268
fireWith @ jquery.js:3398
fire @ jquery.js:3406
fire @ jquery.js:3268
fireWith @ jquery.js:3398
process @ jquery.js:3622
(anonymous) @ jquery.js:3632
mightThrow @ jquery.js:3534
process @ jquery.js:3602
setTimeout (async)
(anonymous) @ jquery.js:3640
fire @ jquery.js:3268
fireWith @ jquery.js:3398
fire @ jquery.js:3406
fire @ jquery.js:3268
fireWith @ jquery.js:3398
process @ jquery.js:3622
setTimeout (async)
(anonymous) @ jquery.js:3640
fire @ jquery.js:3268
fireWith @ jquery.js:3398
fire @ jquery.js:3406
fire @ jquery.js:3268
fireWith @ jquery.js:3398
handleResponse @ request.js:107
Port.onMessage @ port.js:52
(anonymous) @ port.js:34
EventImpl.dispatchToListener @ extensions::event_bindings:403
publicClassPrototype.(anonymous function) @ extensions::utils:138
EventImpl.dispatch @ extensions::event_bindings:387
EventImpl.dispatch @ extensions::event_bindings:409
publicClassPrototype.(anonymous function) @ extensions::utils:138
dispatchOnMessage @ extensions::messaging:392

Looks like your keydata are missing. Check that the public key file is readable on the file system for the web server user. Also make sure you run the healthcheck as the web server user; there might be some other issues.
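The stack trace above fails inside a `.trim()` call on the server key payload: when the server cannot read its public key file, the `keydata` field comes back without a string in it, and the client blows up with a TypeError instead of a readable message. The following is an added illustration, not passbolt's own extension code; it assumes a JSON response whose `body.keydata` holds the ASCII-armored public key (the field name comes from the diagnosis in this thread, the rest of the shape is assumed), and shows the fragile parse next to a validating one that names the likely cause.

```javascript
// Added example (not from passbolt or this thread). Response shape is assumed:
// { body: { fingerprint: "...", keydata: "-----BEGIN PGP PUBLIC KEY BLOCK-----..." } }

// Fragile parse, mirroring the failure in the trace: trims whatever is there.
function parseServerKeyFragile(response) {
  const text = response.body.keydata;
  return text.trim(); // TypeError "text.trim is not a function" if keydata is not a string
}

// Validating parse: check the payload before using it and report what is wrong.
function parseServerKey(response) {
  const body = response && response.body;
  if (!body || typeof body !== "object") {
    throw new Error("server key response has no body");
  }
  if (typeof body.keydata !== "string") {
    // The case behind the thread's TypeError: keydata absent or non-string,
    // typically because the server could not read its public key file.
    throw new Error(
      "server key response is missing keydata (is the public key file readable by the web server user?)"
    );
  }
  const armored = body.keydata.trim();
  if (
    !armored.startsWith("-----BEGIN PGP PUBLIC KEY BLOCK-----") ||
    !armored.endsWith("-----END PGP PUBLIC KEY BLOCK-----")
  ) {
    throw new Error("keydata is not an ASCII-armored PGP public key block");
  }
  return armored;
}

// Constructed sample responses (placeholder key body, not a real key).
const GOOD_RESPONSE = {
  body: {
    fingerprint: "PLACEHOLDER-FINGERPRINT",
    keydata:
      "\n-----BEGIN PGP PUBLIC KEY BLOCK-----\nPLACEHOLDER-KEY-DATA\n-----END PGP PUBLIC KEY BLOCK-----\n",
  },
};
// keydata present but not a string: this is what the fragile parser chokes on.
const MISSING_KEY_RESPONSE = { body: { fingerprint: "PLACEHOLDER-FINGERPRINT", keydata: false } };

// Runs a parser and returns either "ok" or "<ErrorType>: <message>" for comparison.
function describeOutcome(parser, response) {
  try {
    parser(response);
    return "ok";
  } catch (e) {
    return `${e.constructor.name}: ${e.message}`;
  }
}
```

With the constructed responses, the fragile parser reports only `TypeError: text.trim is not a function`, while the validating one points at the unreadable key file, which is the check the reply above asks for.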

Hey, @remy. Thanks again for helping.

About the public key being readable, it is:

[root@passwords gpg]# ls -la
total 28
drwxr-xr-x. 2 nginx nginx 100 Jul 12 20:25 .
drwxr-xr-x. 6 nginx nginx 4096 Jul 12 20:57 ..
-rw-r-----. 1 nginx nginx 1699 Jul 12 21:04 serverkey.asc
-rw-r-----. 1 nginx nginx 3464 Jul 12 21:03 serverkey_private.asc
-rw-r--r--. 1 nginx nginx 3147 Jul 11 11:58 unsecure.key
-rw-r--r--. 1 nginx nginx 6647 Jul 11 11:58 unsecure_private.key

Also, the healthcheck I ran in my previous comment was with the nginx user.
Other things I’ve already checked:

  • The key is on the nginx keyring
  • The key matches the passbolt.php conf file.

I could only reproduce the output with a permission issue, e.g. when the file can be found but the content of the file cannot be read. Even an empty readable file does return something different.

Maybe you have SELinux installed and something is going down over there?

Unfortunately not, since my SELinux is disabled :frowning:

Can you tell us more about your setup? Like which operating system, etc.

I’m using CentOS 7.

I followed this step by step.

https://help.passbolt.com/hosting/install/ce/centos-7.html

So, I noticed that we have this step:

$ sudo su -s /bin/bash -c "gpg --list-keys" nginx
gpg: directory ‘/var/lib/nginx/.gnupg’ created
gpg: keybox ‘/var/lib/nginx/.gnupg/pubring.kbx’ created
gpg: /var/lib/nginx/.gnupg/trustdb.gpg: trustdb created

I have the ‘/var/lib/nginx/.gnupg’ folder
I have the /var/lib/nginx/.gnupg/trustdb.gpg: trustdb

But I can’t find the keybox ‘/var/lib/nginx/.gnupg/pubring.kbx’

Could be it? If yes, how can I create this file?

Hi @bqeg

You could check whether:

  • the gnupg folders are owned by the nginx user (/var/lib/nginx/.gnupg)
  • the error.log contains any extra information
