Hi
I have (had) a working dockerized version of passbolt. It worked perfectly until I had to restart the server and the container (restart policy: always).
After that I get the error:
Could not verify server key. There was an error during authentication.
I entered the docker container and this is the output of some commands:
su -s /bin/bash -c "./bin/cake passbolt healthcheck" www-data
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /var/www/passbolt/config/
[HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
...
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/www-data/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
[FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /home/www-data/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
...
4 error(s) found. Hang in there!
And the available keys:
root@2254c7995676:/var/www/passbolt# su -s /bin/bash -c "gpg --list-secret-keys" www-data
/home/www-data/.gnupg/pubring.kbx
---------------------------------
sec rsa2048 2019-06-28 [SC]
14183CEF49C8BBB4B9C2F6637EB88C5DD392F0E4
uid [ultimate] Passbolt default user <passbolt@yourdomain.com>
ssb rsa2048 2019-06-28 [E]
root@2254c7995676:/var/www/passbolt#
root@2254c7995676:/var/www/passbolt# su -s /bin/bash -c "gpg --list-keys" www-data
/home/www-data/.gnupg/pubring.kbx
---------------------------------
pub rsa2048 2019-06-28 [SC]
14183CEF49C8BBB4B9C2F6637EB88C5DD392F0E4
uid [ultimate] Passbolt default user <passbolt@yourdomain.com>
sub rsa2048 2019-06-28 [E]
pub rsa2048 2019-04-19 [SC]
A343CA64F3E4CB16DE4031385316755CD859B5DB
uid [ unknown] Juan Surname <juan@myserver.com> (passbolt-key)
sub rsa2048 2019-04-19 [E]
How can I get this configuration right? I would like to restart the container without having to set the key again.
Error log:
2019-07-12 01:28:13 Error: [Cake\Routing\Exception\MissingRouteException] A route matching “/robots.txt” could not be found.
Request URL: /robots.txt
2019-07-12 01:28:14 Error: [Cake\Routing\Exception\MissingRouteException] A route matching “/sitemap.xml” could not be found.
Request URL: /sitemap.xml
2019-07-12 01:28:14 Error: [Cake\Routing\Exception\MissingRouteException] A route matching “/.well-known/security.txt” could not be found.
Request URL: /.well-known/security.txt