Hello,
Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Im using Oracle Linux 8.5 and Passbolt CE 3.9.0-3 (new install). Its a VM created on vSphere 6.7, with 4 cores, 8 GB RAM and 40 GB HDD in total.
The installation, configuration etc. was performed using this information.
Issue #1. Emails.
Once configured, the administrator account is created. The drawback is that there is no confirmation email when I try to log in.
I have seen in the forum that there was a problem with cron (3.8), where changing the account to root worked normally. But in this version (3.9) the cron has configured the Nginx account, which is correct; in any case I make the change to root to perform the test and it does not work either.
Original.
PATH=/bin:/usr/local/bin:/usr/bin
PASSBOLT_BASE_DIR=/usr/share/php/passbolt
PASSBOLT_LOG_DIR=/var/log/passbolt
- Nginx $PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log
Edited.
PATH=/bin:/usr/local/bin:/usr/bin
PASSBOLT_BASE_DIR=/usr/share/php/passbolt
PASSBOLT_LOG_DIR=/var/log/passbolt
- root $PASSBOLT_BASE_DIR/bin/cron > $PASSBOLT_LOG_DIR/cron.log 2> $PASSBOLT_LOG_DIR/cron-error.log
When it was configured in the wizard, the test was performed and it worked normally.
Environment validated.
su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake passbolt healthcheck --application --configFiles --core --database --environment --ssl” nginx
When the test is performed from the terminal the mail is sent.
su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake passbolt healthcheck --gpg --smtpSettings” nginx
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.[PASS] No error found. Nice one sparky!
This command works fine.
su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=myuser@my.domain” nginx
Debug email shell
Email configuration
Host: 1.0.0.0
Port: 25
Username:
Password: *********
TLS: false
Sending email from: Passbolt passbolt@my.domain
Sending email to: myuser@my.domain
Trace
[220] server.my.domain Microsoft ESMTP MAIL Service ready at Fri, 20 Jan 2023 15:53:52 -0600
EHLO localhost
[250] server.my.domain Hello [1.0.0.1]
[250] SIZE 37748736
[250] PIPELINING
[250] DSN
[250] ENHANCEDSTATUSCODES
[250] STARTTLS
[250] X-ANONYMOUSTLS
[250] AUTH NTLM
[250] X-EXPS GSSAPI NTLM
[250] 8BITMIME
[250] BINARYMIME
[250] CHUNKING
[250] XRDST
MAIL FROM:passbolt@my.domain
[250] 2.1.0 Sender OK
RCPT TO:myuser@my.domain
[250] 2.1.5 Recipient OK
DATA
[354] Start mail input; end with .
From: Passbolt passbolt@my.domain
To: myuser@my.domain
Date: Fri, 20 Jan 2023 21:53:52 +0000
Message-ID: 68a0dd712beb4894a7b55dd37ad0cba6@server.my.domian
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bitCongratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine..
[250] 2.6.0 68a0dd712beb4894a7b55dd37ad0cba6@server.my.domian [InternalId=113902532690034, Hostname=server.my.domain] 1812 bytes in 0.102, 17.233 KB/sec Queued mail for delivery
QUIT
Works fine.
su -s /bin/bash -c “/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=usar@my.domain” nginx
Issue #2. Wildcard certificate.
I have two errors concerning the security certificate.
In this case I am using a wildcard (*.my.domain) which covers the DNS name of the server (passbolt.my.domain) and its from a CA (RapidSSL).
Environment
[PASS] PHP version 8.1.14.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.Config files
[PASS] The application config file is present
[PASS] The passbolt config file is presentCore config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://server.my.domain
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.SSL Certificate
[FAIL] SSL peer certificate does not validate
** [FAIL] Hostname does not match when validating certificates.**
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificateDatabase
[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.Application configuration
[PASS] Using latest passbolt version (3.9.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[PASS] All email notifications will be sent.[FAIL] 2 error(s) found. Hang in there!
Issue #3. Login error.
Sometimes when I try to do the login, it tells me that there is an error.
I have read the forums, made tests but I have not been able to solve the problems. So I look forward to recommendations.
Regards.