I’m running into an issue when installing Passbolt. I get “The GnuPG config for the server is not available or incomplete. please run ./app/console/cake passbolt healthcheck for more information and help”.
When I try to run the healthcheck i get a message stating that Passbolt commands cannot be executed as root.
I’ve followed all the steps from the site however the only step that i had trouble with was step 9. I think i’m just not pasting it correctly into the terminal.
When I try to run the healthcheck i get a message stating that Passbolt commands cannot be executed as root.
The healthcheck command has to be executed with the user who runs the web server (nginx or www-data).
The command given at the step 10. allows you to do that.
Note: I ran through everything again and still get this message: PHP Parse error: syntax error, unexpected ‘;’, expecting ‘]’ in /var/www/passbolt/config/passbolt.php on line 146. This happenes to be the end of the file.
I have made all necessary changes as recommended but still no go.
[PASS] PHP version 7.2.11.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to http://passbolt.dev
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[FAIL] The server gpg key is not set
[HELP] Create a key, export it and add the fingerprint to config/passbolt.php
[HELP] See.
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /var/lib/nginx/.gnupg” nginx | grep -i -B 2 ‘SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See.
[FAIL] The server public key defined in the config/passbolt.php is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c “gpg --home /var/lib/nginx/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc” nginx
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.
Application configuration
[PASS] Using latest passbolt version (2.4.0).
[FAIL] Passbot is not configured to force SSL use.
[HELP] Set passbolt.ssl.force to true in config/passbolt.php.
[FAIL] App.fullBaseUrl is not set to HTTPS.
[HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
From what I can see the configuration of your server gpg key is not passing the healtcheck.
If you are using the nginx gpg keyring only with passbolt, I would advice you to delete it (/var/lib/nginx/.gnupg) and to follow again the step 8. and 9. of the documentation (https://help.passbolt.com/hosting/install/ce/centos-7.html)
FYI: In a couple of days we are releasing scripts to easily install and configure passbolt on a bare metal server (centos/debian/ubuntu).
