Error encrypting message: Could not find valid self-signature in key in Docker

JRucker · April 28, 2022, 10:50pm

Checklist
[X ] I have read intro post: About the Installation Issues category
[ X] I have read the tutorials, help and searched for similar issues
[ X] I provide relevant information about my server (component names and versions, etc.)

Installed via Docker Compose, using latest release, on an ubuntu server (latest LTS version)

[ ] I provide a copy of my logs and healthcheck

There aren’t any errors in the docker logs, I don’t know where else to look for logs.
In the healthcheck endpoint, the only thing that’s not green is “The passbolt config file is missing in /etc/passbolt/”

I didn’t see anything in the docker compose installation instructions about creating a volume for a config file, so I have no idea what this is referring to.

[ X] I describe the steps I have taken to trouble shoot the problem
[X ] I describe the steps on how to reproduce the issue

Current behavior:
When I try to add a new user, that user runs into an error when setting up their account. At the step where they do the three letter code thing, they get an error message that says “There was an error during authentication”
Note that this is not the first user I’ve added. Another user was successfully added a couple days ago.

In the UI, that user’s account appears activated, so I try to add them to a group. When I do so, I get this error: “Error encrypting message: Could not find valid self-signature in key”

Steps to reproduce:

Add a new user
Allow them to attempt to set up their account

garrett · April 30, 2022, 2:40am

Hi @JRucker Welcome to the forum! Responses might be a bit slower over the weekend. Just to confirm, you installed following this guide correct? Passbolt Help | Docker passbolt installation

The config file should not be missing. This suggests the setup was not quite right. Did you have any errors at all during the install process?

JRucker · April 30, 2022, 3:35am

Correct, that is the guide I used.
I didn’t encounter any errors during install, and have been successfully using passbolt for a couple weeks until I ran into this error.

garrett · April 30, 2022, 1:57pm

Regarding this error - the config file being referenced is passbolt.php which is normally created in the setup as a copy from passbolt.default.php in the same folder. You might want to take a look in the container at the /etc/passbolt path and see if those two files are existing, and whether they have specific configurations for your setup as you would expect.

If we can troubleshoot so the healthcheck is okay first, that will be the best.

JRucker · May 2, 2022, 9:29pm

There is a passbolt.default.php, but no passbolt.php

Related question: the docker compose yaml in the installation instructions have volumes for /etc/passbolt/pgp and /etc/passbolt/jwt, but not for /etc/passbolt/ where that php file is located. If my setup specific configs are located in that php file, shouldn’t it be in a volume where it’s protected from being removed when the container is destroyed and rebuilt? (I’m far from an expert when it comes to docker stuff, only been playing with it casually for a couple years now)

garrett · May 2, 2022, 9:47pm

The files in /etc/passbolt files are configured upon initial setup as the package installs.

The jwt location is related to an optional feature of mobile access and the pgp location could reuse existing keys one might wish to keep.

The Docker environment variables in the docker-compose.yaml will be where your configuration would most likely be found, so in that sense it’s kept.

garrett · May 2, 2022, 9:50pm

Forgot to add that if you were to copy default.passbolt.php to passbolt.php in same folder that might get rid of the error.

JRucker · May 2, 2022, 10:05pm

Doing this, then restarting the container threw this error when I went to it in the browser:

“Config file “passbolt.php” did not return an array”

Looking in passbolt.php, it looks like it mostly contains configs that are already present in the environment variables in the docker-compose.yaml file.

JRucker · May 2, 2022, 10:07pm

I removed the passbolt.php file and restarted again (So we should be back to where I was when I ran into the error) Then tried to add the user to the group again, and it was successful.

I have no idea what changed, or why it’s working now

garrett · May 2, 2022, 10:17pm

Maybe the contents were pasted and a brace { } was missed?

Glad to hear to hear it’s working!

JRucker · May 2, 2022, 10:20pm

All I did was a cp passbolt.default.php passbolt.php so if there was an error in my file, it also existed in the original. I didn’t see anything glaringly obviously wrong, so I’m not sure.

I have more users to add, I’ll continue keeping a close eye and will update here if I learn anything.
Thanks for your help with troubleshooting!

AnatomicJC · May 3, 2022, 5:16am

Hi @JRucker

Just to clarify, /etc/passbolt/passbolt.php is the passbolt configuration file, but it is not used with docker setup, as we use environment variables. That’s why there is no docker volume configured for this file.

I use myself a passbolt CE docker on a VPS instance and I already encountered this error. The gpg key in my docker volume wasn’t readable anymore in the docker container and a restart of the container fixed this issue, as you did.

Best,