Error 400 - "armored_key": "The OpenPGP key can not be used to encrypt." [pubring.kbx file permissions]

Checklist
I have read intro post:
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

  • Server operating system name and version: Red Hat Enterprise Linux release 8.7 (Ootpa)
  • Web server name and version: nginx/1.14.1
  • Database server name and version: 10.3.35-MariaDB
  • Php version: 8.1.14
  • Passbolt version: 3.9.0

Status report:

Open source password manager for teams

Passbolt PRO 3.9.0
Cakephp 4.3.7
Linux srv-passbolt-test01 4.18.0-425.10.1.el8_7.x86_64 #1 SMP Wed Dec 14 16:00:01 EST 2022 x86_64 x86_64 x86_64 GNU/Linux
PHP 8.1.14 (cli) (built: Jan 4 2023 06:45:14) (NTS gcc x86_64)
mysql Ver 15.1 Distrib 10.3.35-MariaDB, for Linux (x86_64) using readline 5.1
gpg (GnuPG) 2.2.20
libgcrypt 1.8.5
ERROR: /usr/share/php/passbolt/bin/utils.sh: ligne 64: composer : commande introuvable


Healthcheck shell

Environment

[PASS] PHP version 8.1.14.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://xxx
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check https://
[HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate

Database

[PASS] The application is able to connect to the database
[PASS] 46 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[FAIL] Could not connect to passbolt repository to check versions It is not possible check if your version is up to date.
[HELP] Check the network configuration to allow this script to check for updates.
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[PASS] All email notifications will be sent.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

[FAIL] 3 error(s) found. Hang in there!


Cleanup shell (dry-run)

No issue found, data looks squeaky clean!


Data check shell
[PASS] Data integrity for AuthenticationTokens.
[PASS] Can validate: 23/23
[PASS] Data integrity for Comments.
[PASS] Can validate: 0/0
[PASS] Data integrity for Favorites.
[PASS] Can validate: 0/0
[PASS] Data integrity for Gpgkeys.
[PASS] Can encrypt: 4/4
[PASS] Pass validation service checks: 4/4
[PASS] Entity data and armored key data matches: 4/4
[PASS] Is not expired: 4/4
[PASS] Is armored key format valid: 4/4
[PASS] Data integrity for Groups.
[PASS] Can validate: 5/5
[PASS] Data integrity for Profiles.
[PASS] Can validate: 8/8
[PASS] Data integrity for Resources.
[PASS] Can validate: 152/152
[PASS] Data integrity for Secrets.
[PASS] Can validate: 380/380
[PASS] Data integrity for Users.
[PASS] Can validate: 8/8

Hi everyone,

I created my server and could create my accounts just after this.

When I tried to create another one the day after, I’ve encountered this error.

After many searches, I think it’s because of the time but I can’t find any solution.
When I made my healthcheck and status report, it appears there is a 1 hour delay between my server and the time in the log.

When I check my time and date:
timedatectl

               Local time: lun. 2023-01-23 10:51:19 CET
           Universal time: lun. 2023-01-23 09:51:19 UTC
                 RTC time: lun. 2023-01-23 09:51:19
                Time zone: Europe/Paris (CET, +0100)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no

And when I do a chronyc tracking:
Reference ID : 7F7F0101 ()
Stratum : 10
Ref time (UTC) : Mon Jan 23 09:52:14 2023
System time : 0.000000065 seconds fast of NTP time
Last offset : +0.000000000 seconds
RMS offset : 0.000000000 seconds
Frequency : 0.092 ppm fast
Residual freq : +0.000 ppm
Skew : 0.000 ppm
Root delay : 0.000000000 seconds
Root dispersion : 0.000000000 seconds
Update interval : 0.0 seconds
Leap status : Normal

But when I retry to activate my account, the time is still 1 hour before.

I really appreciate your help,
Thank you

Hi @Cedric2 Welcome to the forum!

What you are showing on the server seems ok. But also check the client machine both for correct configuration and accuracy.

The following will cause problems due to the client machine being off:

  • inaccurate time due to needing an update, off by x seconds
  • incorrect time, for example the timezone is set to UTC but the time displayed is correct for the local time

Hi Garrett,

Thank you for your answer. When you are talking about the client, is it the machine (Windows) I’m using?

The thing is, what looks strange for me, is that I could activate my account (and my colleagues too) just after I finished setting up my server (the same machine for me) but not the second day. As if my passbolt server lost the synchronisation for the NTP.

I couldn’t activate my account if my computer was misconfigured.
Do you see what I mean?

Hello @Cedric2

Since you are using Passbolt PRO, please contact us at support@passbolt.com, we will help you to fix this issue.

When I look at my server, timedatectl gives me this:

           Local time: lun. 2023-01-23 14:51:48 CET
       Universal time: lun. 2023-01-23 13:51:48 UTC
             RTC time: lun. 2023-01-23 13:51:48
            Time zone: Europe/Paris (CET, +0100)

My computer has the same time as the local time, not the UTC.

Hi antony,

I’ll do this in a few minutes, thank you.

@Cedric2 Please post back the solution after resolving the issue with Pro support if you have the time, thanks.

I’ll do :slight_smile:
Stay in touch :wink:

Hi,

The problem is solved. There was a problem with the rights on pubring.kbx file.
You must change the owner to nginx for RHEL (or www-data for Debian based, I guess).
I don’t know what caused this but now it’s working.

Thanks to Max and @antony for their help.

2 Likes
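The fix described in the last post (ownership of pubring.kbx under GNUPGHOME), as an added example that is not from the thread or from Passbolt: a small POSIX shell script that reports any entry in the keyring directory not owned by the web server user, and optionally repairs it. It assumes GNUPGHOME=/var/lib/passbolt/.gnupg (as shown in the healthcheck output) and the web server user nginx (www-data on Debian-based systems); both are assumptions that can be overridden by environment variables. Note that the healthcheck only tests that the directory is writable, which is why a wrongly owned pubring.kbx can pass it while gpg still refuses to use the key.

```shell
#!/bin/sh
# Added example (not Passbolt's own code): check/fix ownership of the
# files in the passbolt GNUPGHOME keyring directory.

# Print every entry in directory $1 that is not owned by user $2.
# Returns 0 when everything is owned by $2, 1 otherwise.
check_keyring_owner() {
    dir="$1"
    user="$2"
    bad=0
    # The directory itself plus its direct children (pubring.kbx,
    # trustdb.gpg, private-keys-v1.d, ...).
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        # GNU stat first, BSD stat as a fallback.
        owner=$(stat -c '%U' "$f" 2>/dev/null || stat -f '%Su' "$f")
        if [ "$owner" != "$user" ]; then
            printf 'wrong owner %s (expected %s): %s\n' "$owner" "$user" "$f"
            bad=1
        fi
    done
    return "$bad"
}

# Repair ownership and keep the keyring private to the web server user.
# Must run as root.
fix_keyring_owner() {
    dir="$1"
    user="$2"
    chown -R "$user:$user" "$dir" &&
        chmod 700 "$dir" &&
        find "$dir" -type f -exec chmod 600 {} +
}

# Assumed defaults: GNUPGHOME from the healthcheck, nginx on RHEL
# (use WEB_USER=www-data on Debian-based systems).
GNUPGHOME_DIR="${GNUPGHOME:-/var/lib/passbolt/.gnupg}"
WEB_USER="${WEB_USER:-nginx}"

case "${1:-}" in
    --check) check_keyring_owner "$GNUPGHOME_DIR" "$WEB_USER" ;;
    --fix)   fix_keyring_owner "$GNUPGHOME_DIR" "$WEB_USER" ;;
    *)       echo "usage: $0 --check | --fix" >&2 ;;
esac
```

Run `--check` as the web server user or root after a failed account activation; if it lists pubring.kbx or private-keys-v1.d, `--fix` as root is the same change the thread's author applied by hand.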