Debian with Apache2 Installation issues

i try to run Passbolt on our Server (Debian) with Apache.
The main Background is, that i’m not familair with nginx and i need to run two webservices on that VM and the second system is already running on apache.


  • Debian 12.0
  • PHP 8.2.7
  • PHP Modules (php -m) calendar,core,ctype,curl,date,dom,exif,FFI,fileinfo,filter,ftp,gettext,gnupg,hash,iconv,imagick,intl,json,ldap,libxml,mbstring,mysqli,mysqlnd,openssl,pcntl,pcre,PDO,pdo_mysql,Phar,posix,random,readline,Reflection,session,shomp,SimpleXML,sockets,sodium,SPL,standard,sysvmsg,sysvsem,sysvshm,tokenizer,xml,xmlreader,xmlwriter,xsl,Zend OPcache, zlib
  • Zend Engine v4.2.7 with OPcahe v8.2.7
  • Apache 2.4.57 (Debian)
  • Loaded Apache Modules: php_module,proxy_module,proxy_fcgi_module,rewrite_module

Vhost Config
Currently Passbolt will run local for testing, later we will connect it with our domain, so there is currently no ssl certificate and the ssl certificate will always come from our domain/hoster and not from our server.

<VirtualHost *:80>

        ServerAdmin etronetadmin@localhost
        DocumentRoot /var/www/html/passbolt/webroot

        <Directory /var/www/html/passbolt>
                Options FollowSymLinks
                AllowOverride All
                Order Allow,Deny
                Allow from all

        ErrorLog ${APACHE_LOG_DIR}/passbolt_error.log
        CustomLog ${APACHE_LOG_DIR}/passbolt_access.log combined


Config passbolt.php

  * Passbolt ~ Open source password manager for teams
  * Copyright (c) Passbolt SA (
  * Licensed under GNU Affero General Public License version 3 of the or
any later version.
  * For full copyright and license information, please see the
  * Redistributions of files must retain the above copyright notice.
  * @copyright     Copyright (c) Passbolt SA (
  * @license AGPL License
  * @link Passbolt(tm)
  * @since         2.0.0
  * By default passbolt tries to use the environment variables or falls
back to the default values as
  * defined in default.php. You can use passbolt.default.php as a basis
to set your own configuration
  * without using environment variables..
  * 1. copy/paste passbolt.default.php to passbolt.php
  * 2. set the variables in the App section
  * 3. set the variables in the passbolt section
  * To see all available options, you can refer to the default.php file,
and modify passsbolt.php accordingly.
  * Do not modify default.php or you may break your upgrade process.
  * Read more about how to install passbolt:
  * Any issue, check out our FAQ:
  * An installation issue? Ask for help to the community:
return [

      * All the information in this section must be provided in order for
passbolt to work
      * This configuration overrides the CakePHP defaults located in
      * Do not edit app.php as it may break your upgrade process
     'App' => [
         // A base URL to use for absolute links.
         // The fully qualified domain name (including protocol) to your
application’s root
         // e.g. where the passbolt instance will be reachable to your
end users.
         // This information is need to render images in emails for
         'fullBaseUrl' => '',
         // OPTIONAL
         // You can specify the base directory the app resides in.
         // Useful if you are running passbolt in a subdirectory like
         // Ensure your string starts with a / and does NOT end with a /
         'base' => '/passbolt'

     // Database configuration.
     'Datasources' => [
         'default' => [
             'host' => 'localhost',
             //'port' => 'non_standard_port_number',
             'username' => 'passbolt',
             'password' => 'mypassword',
             'database' => 'etr_pb',

     // Email configuration.
     'EmailTransport' => [
         'default' => [
             'host' => '',
             'port' => 465,
             'username' => 'mailuser',
             'password' => 'mypassword',
             // Is this a secure connection? true if yes, null if no.
             'tls' => true,
             //'timeout' => 30,
             //'client' => null,
             //'url' => null,
     'Email' => [
         'default' => [
             // Defines the default name and email of the sender of the
             'from' => ['' => 'Passbolt My Company'],
             //'charset' => 'utf-8',
             //'headerCharset' => 'utf-8',

      * This is the default configuration.
      * It enforces the use of ssl, and does not provide a default
OpenPGP key.
      * If your objective is to try passbolt quickly for evaluation
purpose, and security is not important
      * you can use the demo config example provided in the next section
     'passbolt' => [
         // GPG Configuration.
         // The keyring must to be owned and accessible by the webserver
         // Example: www-data user on Debian
         'gpg' => [
             // Tell GPG where to find the keyring.
             // If putenv is set to false, gnupg will use the default
path ~/.gnupg.
             // For example :
             // - Apache on Centos it would be in
             // - Apache on Debian it would be in '/var/www/.gnupg'
             // - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
             // - etc.
             //'keyring' => getenv("HOME") . DS . '.gnupg',
             // Replace GNUPGHOME with above value even if it is set.
             //'putenv' => false,

             // Main server key.
             'serverKey' => [
                 // Server private key fingerprint.
                 'fingerprint' =>
                 //'public' => CONFIG . 'gpg' . DS . 'serverkey.asc',
                 //'private' => CONFIG . 'gpg' . DS .

  * Uncomment the lines below if you want to try passbolt quickly.
  * and if you are not concerned about the security of your installation.
  * (Don't forget to comment the default config above).
//    'debug' => true,
//    'passbolt' => [
//        'registration' => [
//            'public' => true
//        ],
//        'ssl' => [
//            'force' => false,
//        ],
//        'gpg' => [
//            'serverKey' => [
//                'fingerprint' =>
//                'public' => CONFIG . DS . 'gpg' . DS . 'unsecure.key',
//                'private' => CONFIG . DS . 'gpg' . DS .
//            ],
//        ],
//    ]



2023-07-25 14:51:31 error:
[Cake\Routing\Exception\MissingRouteException] A route matching
"/webroot/" could not be found. in
on line 197
Request URL: /webroot/
Client IP:

Healthcheck Errors

[Fail] The logs directory ant its content are not writable
[Fail] Could not reach the /healthcheck/status wit the url specified in App.FullBaseurl
[Fail] SSL peer certificate does not validate
[Fail] Hostname does not match when validating certificates
[Fail] The public key fiile is not defined in /var/www/html/passbolt/config/passbolt.php or not readable
[Fail] The private key cannot be used to sign a message
[Fail] The public and private keys cannot be used to encrypt and sign a message
[Fail]  The private key cannot be used to decrypt a message
[Fail]  The private key cannot be used to decrypt and verify a message
[Fail]  The public key cannot be used to verify a signature
[Fail] Passbolt is not configured to force SSL use
[Fail]  App.fullBaseUrl is not set to HTTPS
[WARN] Host availability checking is disabled
[Fail] The .../jwt/ directory should not be writable
[Fail] A valid JWT key pair is missing

What i tried and found out:

  • visiting ends in an redirect to > and shows “Not Found - The requestet URL was not found on this Server at localhost Port 80”
  • visiting shows some links but also “Not found”

I think this is a rewrite problem but i don’t can figure out whats the matter.
Maybe some of you could help me :wink:

[x ] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[x ] I provide relevant information about my server (component names and versions, etc.)
[x ] I provide a copy of my logs and healthcheck
[x ] I describe the steps I have taken to trouble shoot the problem
[x ] I describe the steps on how to reproduce the issue

Hi @empx92

Welcome to the community forum!

I am hoping this link might help

Or maybe this forum post.

Maybe the webroot issue

1 Like

Hello @empx92 and welcome to the forum!
I saw in your Vhost config a mistake that maybe can solve your problem.
In the DocumentRoot variable, you should set just /var/www/html/passbolt, without webroot.
That would explain why in Errorlog is looking for the folder webroot but could not find it (because you are already inside)

1 Like

Yes that seems to clear the log problem.
But everything else is the same as described above.

I’m not as familiar with apache but you might need an alias here.

In your passbolt.php file I see you are trying to serve it as but I don’t see anything pointing to that in your vhost config