Could not verify server key. There was an error during authentication

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

Hi. I’ve a Passbolt container running in GKE, using the latest passbolt image, and I’m done with the setup. Everything is good, but there is this error sign in the home (login by the extension looks to be correct). There’s nothing in the passbolt home logs. I’ve changed PASSBOLT_KEY_NAME and PASSBOLT_KEY_EMAIL, but it didn’t work.

Can someone help me?

Hi @Negreiros,
What does the healthcheck say?
./bin/cake passbolt healthcheck (from the passbolt directory)

Hi @kevin. Sorry, I’d forgotten.


 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
 [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
 [FAIL] The server gpg key is not set
  [HELP] Create a key, export it and add the fingerprint to config/passbolt.php
  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
  [HELP] Double check the key fingerprint, example: 
  [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/www-data/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
  [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
 [FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
  [HELP] Import the private server key in the keyring of the webserver user.
  [HELP] you can try:
  [HELP] sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
 [FAIL] The server key does not have a valid email id.
  [HELP] Edit or generate another key with a valid email id.

 Application configuration

 [FAIL] This installation is not up to date. Currently using 2.12.0 and it should be v2.12.1.
  [HELP] See. https://www.passbolt.com/help/tech/update
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  6 error(s) found. Hang in there!

@kevin, maybe I have generated the Server Key with Name/Email defaults (Passbolt and passbolt@yourdomain). Is there a process to generate new ones and do the change without having to clean up my database?

Indeed, it looks like your key is not valid, probably due to the email you provided.
If it is a fresh installation, then you should be able to change your key without cleaning your db.

Thank you, @kevin! Is there any documentation on how to change it? I couldn’t find it.

@Negreiros, I would need to have more details on your installation.
I suspect that you are using the official passbolt CE docker container (since you are on GKE)? If that’s the case, then you will just need to generate a new key, change the fingerprint in the config and run your container again.
If you are not using the docker container, then you will need to generate a new key and put it where passbolt can access it (usually in config/gpg), then modify the config file to edit the gpg section with the correct file name and fingerprint. Then run the healthcheck again to see if everything is fine.
Let me know if any of this works.
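
Added example, not part of the thread and not passbolt's own tooling: a shell check for the two failures the healthcheck reports above (fingerprint mismatch and invalid email id), run against `gpg --list-keys --with-colons` output before the container is restarted. The listings and fingerprints are constructed, the function names are hypothetical, and treating a valid email as one with a dotted domain is an assumption.

```shell
#!/bin/sh
# Input is the output of:
#   gpg --homedir /home/www-data/.gnupg --list-keys --with-colons
# Field 1 is the record type; field 10 holds the fingerprint ("fpr") or user ID ("uid").

# Constructed listings; fingerprints are made up. Function names are hypothetical.
SAMPLE_DEFAULT='pub:u:3072:1:1111222233334444:1560000000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1560000000::0000::Passbolt <passbolt@yourdomain>:'
SAMPLE_FIXED='pub:u:3072:1:5555666677778888:1560000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF55556666:
uid:u::::1560000000::0000::Passbolt Server <passbolt@example.com>:'

key_fingerprint() { printf '%s\n' "$1" | awk -F: '$1 == "fpr" { print $10; exit }'; }

key_email() {
  printf '%s\n' "$1" | awk -F: '$1 == "uid" {
    if (match($10, /<[^>]*>/)) print substr($10, RSTART + 1, RLENGTH - 2)
    exit
  }'
}

# Assumption: a valid email id is local@domain with a dotted domain.
email_looks_valid() {
  printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[A-Za-z]{2,}$'
}

# check_server_key LISTING CONFIGURED_FINGERPRINT: prints findings, returns 0 if clean.
check_server_key() {
  want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')  # config value, normalised
  have=$(key_fingerprint "$1")
  email=$(key_email "$1")
  rc=0
  [ -n "$have" ] || { echo "FAIL no key in listing"; return 1; }
  [ "$have" = "$want" ] || { echo "FAIL fingerprint: keyring=$have config=$want"; rc=1; }
  email_looks_valid "$email" || { echo "FAIL email id not valid: $email"; rc=1; }
  [ "$rc" -eq 0 ] && echo "PASS $have <$email>"
  return "$rc"
}

# Default identity, new key with stale config, new key with updated config.
check_server_key "$SAMPLE_DEFAULT" "AAAABBBBCCCCDDDDEEEEFFFF1111222233334444" || true
check_server_key "$SAMPLE_FIXED" "AAAABBBBCCCCDDDDEEEEFFFF1111222233334444" || true
check_server_key "$SAMPLE_FIXED" "0123 4567 89ab cdef 0123 4567 89ab cdef 5555 6666" || true
```

The second argument is the fingerprint as written in config/passbolt.php; spaces and lowercase hex are normalised before comparison.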
