Could not verify the server key. The authentication failed

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

Hi, I’m still a newbie at installing software that needs to be configured with a server or hostname, etc. I have this problem (stated in the title): when I sign out, I can’t sign back in. I use Oracle VirtualBox with Oracle Linux 8.5. I followed the guide and everything went smoothly, but this error occurs when I try to sign back in. I use MariaDB as my database and nginx as the web server. For the hostname and URL I use my own IP address, 10.x.x.15/24. When generating the keys I used my own personal email as the server email and 10.x.x.15 as my server name. Is it because I don’t have SSL? And last but not least, while I was still signed in I did try to send emails to other people to add them as users. They did receive the email but they cannot open the link. The website cannot be reached. I would be really grateful if you can help me. Thanks in advance.





Below is a screenshot of my passbolt.php:


Sometimes this issue will come up if you don’t have NTP set up correctly. Could you double check to make sure that is properly configured?

Yup, I already configured NTP according to my time zone, but I’m using chrony. I have done several things since I posted this question. I implemented SSL using OpenSSL, but the cert is not valid and my https is still grey in my URL, though I’m running Passbolt on port 443. Currently, I’m redirected to a page where it says “Please enter your email to continue”, but when I enter my email, no email is received at my end. I also checked the status of Passbolt using:

sudo systemctl status passbolt.service

It returns:

Unit passbolt.service could not be found.

Even when I start it again, it says “Failed to start passbolt.service: Unit passbolt.service not found.”

This is the output of NTP under root:

Passbolt doesn’t run as a service which is why sudo systemctl status passbolt.service returns that message.

For the email not being received, the first thing to check is the spam/junk folder. If it isn’t there, then you’ll want to connect to the database and run the following query to see what the error message is:

select email, subject, error, created, sent from email_queue; 

This will show if the error is in the email config on the Passbolt side or on the email server side.

There is no email sent for the current dates, 28 - 29. I realized that I put an invalid email for the admin, but I have one user for which I use my personal email and I still did not receive the email. So is it from the server side?

Maybe for the previous date it worked because I configured the SMTP server while still using the default port 80. After that I implemented SSL on my domain using 443 (I didn’t touch the SMTP server while setting up SSL). Is that also the reason this problem occurs?

I opened the extension in Firefox and it seems like this happens because of the SSL configuration and leads the problem to the server:

In your passbolt.php config, try db host value of localhost instead of the ip address of the server. Does it make any difference when changed?

Also, you have force ssl but your full url is not showing https. This is a conflict.

Nothing changed. For the force SSL, I already added the SSL cert and key, but it is a self-signed one and it is not valid, so should I change it back to http:


The ssl right under fullBaseUrl is not correct and can be removed.

Those key and cert values can be in the nginx config:

ssl_certificate     /etc/nginx/ssl/passbolt.crt;
ssl_certificate_key /etc/nginx/ssl/passbolt.key;

Also, once you have it working, rotate your server keys as described here, since you have published the fingerprint. Passbolt Help | How to rotate server GPG keys

Still no luck.


I also checked the status of nginx, gave the necessary permissions, and checked the condition using:

sudo nginx -t

Everything returns fine except when I open the error.log it says:

After that I ran a Passbolt health check for the user and then for nginx. The user only gives failures because of SSL and logs, but for nginx it says that it does not have permission to open /var/lib/passbolt/.gnupg and also that the secret_key is not inside the keyring.

I tried to give permission to nginx, and then the user pops an error because of that (permission). Right now the user is the one that needs permission for the .gnupg and the keyring.

It’s not clear at the moment which nginx config file is which… however, the root that we would be expecting would be something that includes passbolt/webroot at the end of it.

Like: /usr/share/nginx/html/passbolt/webroot

With package installations it would be root /usr/share/php/passbolt/webroot; but maybe you installed using source or it’s an older install?

I checked the file directory but there is no directory for

/usr/share/nginx/html/auth/is-authenticated.json

in there; even when I unhide all the files it is not to be found. I do have /passbolt/webroot in

/usr/share/php/passbolt/webroot/

For the installation, I followed the Passbolt guide for Oracle Linux 8.

With Oracle Linux 8 it installs via the package - so your root should be /usr/share/php/passbolt/webroot.

However, you should look for NGINX config files created by the package. Not only /etc/nginx/nginx.conf but any other included files. Just to double check to make sure there isn’t already a root directive saying the above path.

In the nginx.conf file, the root is specified as /usr/share/nginx/html, so should I change it to /usr/share/php/passbolt/webroot?

Yes - the path you are noting is only the default path for NGINX. It needs to point to the passbolt project folder, and with no trailing slash at the end.

I believe this is the correct command for your OS in order to restart the web server after you have made the changes:
sudo systemctl restart nginx

… signing off, good luck! Someone else will be able to assist further.
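
As an added example (not part of the thread and not Passbolt's own tooling), the two configuration points raised above, force SSL combined with a non-https fullBaseUrl and an nginx root left at the default path, can be checked with a short script. The sample files and the passbolt.example.test hostname are constructed, and the passbolt.php array layout shown is an assumption.

```shell
#!/bin/sh
# Added example: static checks for the two misconfigurations raised in the thread.
# All file contents below are constructed samples, not the poster's real files.

# Print "conflict" when ssl force is true but fullBaseUrl is not https://.
check_base_url() {
    url=$(sed -n "s/.*'fullBaseUrl'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1)
    force=$(sed -n "s/.*'force'[[:space:]]*=>[[:space:]]*\([a-z]*\).*/\1/p" "$1" | head -n 1)
    case "${force}:${url}" in
        true:https://*) echo ok ;;
        true:*)         echo conflict ;;
        *)              echo ok ;;
    esac
}

# Classify the first root directive found in an nginx config file.
check_nginx_root() {
    root=$(sed -n 's/^[[:space:]]*root[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' "$1" | head -n 1)
    case "$root" in
        */passbolt/webroot)  echo ok ;;
        */passbolt/webroot/) echo trailing-slash ;;
        *)                   echo wrong-root ;;
    esac
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed passbolt.php: force SSL on, but the base URL is plain http.
cat > "$tmp/bad.php" <<'EOF'
<?php
return [
    'App' => ['fullBaseUrl' => 'http://passbolt.example.test'],
    'passbolt' => ['ssl' => ['force' => true]],
];
EOF
sed 's#http://#https://#' "$tmp/bad.php" > "$tmp/good.php"

# Constructed nginx server block: TLS paths set, root still the nginx default.
cat > "$tmp/bad.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/passbolt.crt;
    ssl_certificate_key /etc/nginx/ssl/passbolt.key;
    root /usr/share/nginx/html;
}
EOF
sed 's#/usr/share/nginx/html#/usr/share/php/passbolt/webroot#' "$tmp/bad.conf" > "$tmp/good.conf"

echo "passbolt.php: $(check_base_url "$tmp/bad.php") -> $(check_base_url "$tmp/good.php")"
echo "nginx root:   $(check_nginx_root "$tmp/bad.conf") -> $(check_nginx_root "$tmp/good.conf")"
```

On a real host, point the two functions at the actual passbolt.php and at every nginx file pulled in by include, since the root directive may live outside nginx.conf.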