Error During Passbolt Install on CentOS7

Hello,

I’m running into an issue when installing Passbolt. I get “The GnuPG config for the server is not available or incomplete. please run ./app/console/cake passbolt healthcheck for more information and help”.
When I try to run the healthcheck i get a message stating that Passbolt commands cannot be executed as root.

I’ve followed all the steps from the site however the only step that i had trouble with was step 9. I think i’m just not pasting it correctly into the terminal.

Any help would be greatly appreciated.

Thank you,
Walt

Hello @wsousa

The GnuPG config for the server is not available

The error you are getting means that your configuration file config/passbolt.php is missing or incomplete.
Check the step 11. of the installation guide : https://help.passbolt.com/hosting/install/ce/debian-9-stretch.html

When I try to run the healthcheck i get a message stating that Passbolt commands cannot be executed as root.

The healthcheck command has to be executed with the user who runs the web server (nginx or www-data).
The command given at the step 10. allows you to do that.

Cheers

Thank you for your response. I think something is off in the closing of the passbolt.php file. Does this look right?

these are the last lines:

Note: I ran through everything again and still get this message: PHP Parse error: syntax error, unexpected ‘;’, expecting ‘]’ in /var/www/passbolt/config/passbolt.php on line 146. This happenes to be the end of the file.
I have made all necessary changes as recommended but still no go.

Thank you,
Walt

hi @cedric

I was able to run a healthcheck and it found 9 errors. Below are the results:
bash-4.2$ ./bin/cake passbolt healthcheck

 ____                  __          ____  
/ __ \____  _____ ____/ /_  ____  / / /_ 

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//.__/__//_/

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 7.2.11.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://passbolt.dev
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See.
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /var/lib/nginx/.gnupg” nginx | grep -i -B 2 ‘SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See.
[FAIL] The server public key defined in the config/passbolt.php is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /var/lib/nginx/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc” nginx
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[PASS] Using latest passbolt version (2.4.0).
[FAIL] Passbot is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in config/passbolt.php.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

Hello @wsousa,

From what I can see the configuration of your server gpg key is not passing the healtcheck.
If you are using the nginx gpg keyring only with passbolt, I would advice you to delete it (/var/lib/nginx/.gnupg) and to follow again the step 8. and 9. of the documentation (https://help.passbolt.com/hosting/install/ce/centos-7.html)

FYI: In a couple of days we are releasing scripts to easily install and configure passbolt on a bare metal server (centos/debian/ubuntu).

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.