[FAIL] SSL peer certificate does not validate. Let's encrypt

Can anyone help to fix this error? I’m a dummy in Linux, so doing this is my first experience. Any tips/advice will be helpful!

SSL certificate created via Let’s Encrypt

        SSL Certificate

        [FAIL] SSL peer certificate does not validate
        [FAIL] Hostname does not match when validating certificates.
        [WARN] Using a self-signed certificate
        [HELP] Check Passbolt Help | Troubleshoot SSL
        [HELP] fopen(): Peer certificate CN=passbolt.domain.tld' did not match expected CN=passbolt..com’
        fopen(): Failed to enable crypto
        .de/healthcheck/status.json): failed to open stream: operation failed

        [FAIL] 2 error(s) found. Hang in there!

Hi @Peckatop,

Welcome to the Forum.

So your current issue would be that you still have the self signed certificates active.

Are you using Nginx or Apache?

In both cases you would need to let Nginx or Apache know the location of the Let’s Encrypt certificate.

For Nginx it would be something like this:

        ssl_certificate      /etc/pki/tls/certs/example.com.bundle;
        ssl_certificate_key  /etc/pki/tls/private/example.com.key;

For Apache it would be something like this:

        SSLCertificateFile "/etc/apache2/certs/example.com.bundle"
        SSLCertificateKeyFile "/etc/apache2/certs/example.com.key"

If you do not mind, can you post your configuration file?


Hi there! Thanks for your answer.

Seems that Let’s Encrypt wasn’t used; instead I did it manually using this manual: Passbolt Help | Manual HTTPS configuration on Debian and Ubuntu with user provided certificates

Sorry for the confusion.

I’m using nginx.

Which configuration file? (Sorry for the dumb questions.)

Cool, so then you do not actually have a Let’s Encrypt certificate, as the manual mode asks you for the location of the SSL certificate and key that you generated.

There is no such thing as a “dumb question”; if you don’t know something, it’s better to ask.

Anyway, there’s no need for the configuration file, as I know you do not have a Let’s Encrypt SSL certificate if you used the manual mode.

Are you using a local domain or a top level domain?

If you have a domain name, then you can reconfigure passbolt-ce-server and use the “auto” mode, which will then request the Let’s Encrypt certificate.


I’m using a local domain, and provided the location of the files while running

        $ sudo dpkg-reconfigure passbolt-ce-server

I do have a connection to the page, but it says that “Connection is not secure”.
It sees my SSL certificate, but still…

I’ve tried before with setting up Let’s Encrypt, but I receive an error while trying.

        $ sudo dpkg-reconfigure passbolt-ce-server
        Saving debug log to /var/log/letsencrypt/letsencrypt.log
        Plugins selected: Authenticator nginx, Installer nginx
        Requesting a certificate for passbolt.mydomain.com
        Performing the following challenges:
        http-01 challenge for passbolt.mydomain.com
        Waiting for verification…
        Challenge failed for domain passbolt.mydomain.com
        http-01 challenge for passbolt.mydomain.com
        Cleaning up challenges
        Some challenges have failed.

There’s another name, not mydomain.com :sweat_smile:


I found a small typo, which I fixed; now I have only 1 warning, which says:

        SSL Certificate

        [PASS] SSL peer certificate validates
        [PASS] Hostname is matching in SSL certificate.
        [WARN] Using a self-signed certificate
        [HELP] Check Passbolt Help | Troubleshoot SSL

Is there any way to solve this issue? And how big is this issue?

Now I’m really feeling dumb, because my domain doesn’t have a Root CA service.

Thanks for your help and willingness to help me!

Restart nginx and then run the passbolt health check again.

I think that should fix the issue as you might still be running an old configuration.


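Added example, not part of the original thread: a way to check the two conditions the healthcheck reports (hostname match and self-signed) directly on the certificate file that nginx's `ssl_certificate` points to. It assumes the `openssl` CLI is installed; the function names and the throwaway sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI is installed.
# Function names and the sample certificate are constructed for illustration.

# Print subject, issuer and expiry of a PEM certificate file.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Succeed when subject and issuer are identical, the usual sign that no CA
# issued the certificate (the case the healthcheck warns about).
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Succeed when the certificate is valid for hostname $2; a failure here
# corresponds to a hostname mismatch between the URL and the certificate.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Constructed sample: a throwaway self-signed certificate for hostname $2,
# written to $1.crt and $1.key.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Demo on the constructed sample; on a real server pass the file named by
# ssl_certificate in the nginx configuration instead.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/sample" passbolt.domain.tld
cert_summary "$demo_dir/sample.crt"
cert_is_self_signed "$demo_dir/sample.crt" && echo "self-signed: yes"
cert_matches_host "$demo_dir/sample.crt" passbolt.domain.tld && echo "hostname: match"
cert_matches_host "$demo_dir/sample.crt" other.domain.tld || echo "hostname: mismatch"
rm -rf "$demo_dir"
```

To see which certificate nginx is actually serving after a restart, `openssl s_client -connect HOST:443 -servername HOST` prints the certificate presented on the wire, which can differ from the file on disk if an old configuration is still loaded.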