Fresh docker install - The key creation date must not be in the future

I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

I am trying to get passbolt to run on docker and I’m using my existing mysql db-host with nginx reverse proxy in front of passbolt.

Initial installation went fine, I could start the user creation script as explained in the docu but when I open that link in my browser to complete the registration, I get the following error after typing in a password and generating a random security token:

    "code": 400,
    "body": {
        "armored_key": {
            "isNotCreatedInTheFutureRule": "The key creation date must not be in the future."

Not sure what this means, the date within the container is a readonly docker bind to the host’s /etc/timezone and localtime, so they match exactly. So I’m not sure what I’m doing wrong but I suppose it has to do with my nginx reverse proxy in front as that seems to be the only variable that deviates from the docu procedure.

I’ve also found someone having a similar issue after an upgrade/migration and one comment was telling him to run this command

    root@66577194f4ae:/usr/share/php/passbolt# /bin/bash -c "gpg --homedir /var/www/.gnupg --import /to/your/user_public_key" www-data
    gpg: directory '/var/www/.gnupg' created
    gpg: keybox '/var/www/.gnupg/pubring.kbx' created
    gpg: can't open '/to/your/user_public_key': No such file or directory
    gpg: Total number processed: 0

You can see the results above, that didn’t solve my issue. Would be glad about any help!

Healthcheck looks like this:

 [PASS] PHP version 7.4.28.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [WARN] The passbolt config file is missing in /etc/passbolt/
 [HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
 [HELP] The passbolt config file is not required if passbolt is configured with environment variables

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.bregenz.amt
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
 [HELP] Check that the domain name is correct in config/passbolt.php
 [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] Check
 [HELP] fopen(): php_network_getaddresses: getaddrinfo failed: Name or service not known
fopen(https://passbolt.bregenz.amt/healthcheck/status.json): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known


 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [FAIL] The server OpenPGP key is not set
 [HELP] Create a key, export it and add the fingerprint to config/passbolt.php
 [HELP] See.
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
 [HELP] Double check the key fingerprint, example:
 [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/lib/passbolt/.gnupg" root | grep -i -B 2 'SERVER_KEY_EMAIL'
 [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
 [HELP] See.
 [FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
 [HELP] Import the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" root
 [FAIL] The server key does not have a valid email id.
 [HELP] Edit or generate another key with a valid email id.

 Application configuration

 [PASS] Using latest passbolt version (3.6.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 [FAIL] 7 error(s) found. Hang in there!

Hi @justarandomsysadmin, welcome to the forum!

Also check your browser client machine’s time. For example, the time could be right but the timezone is wrong (which technically makes it incorrect and puts the time into the future).

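An OpenPGP public key carries its creation time as UTC seconds inside the key packet, so a key generated on a machine whose clock runs ahead looks "created in the future" to a server with correct time. The sketch below is an example added to this thread, not passbolt's code and not written by any poster: it reads that timestamp from an armored key and reports how far ahead of a given server time it is. The function names, the constructed sample key and the server time are all assumptions made for the illustration.

```python
import base64
import struct

def dearmor(armored: str) -> bytes:
    """Decode an ASCII-armored OpenPGP block into its binary packets."""
    lines = [l.strip() for l in armored.strip().splitlines()[1:-1]]  # drop BEGIN/END
    start = lines.index("") + 1              # a blank line ends the armor headers
    data = [l for l in lines[start:] if not l.startswith("=")]  # skip CRC24 line
    return base64.b64decode("".join(data))

def key_creation_time(packets: bytes) -> int:
    """Creation time (Unix seconds, UTC) of a leading version 4 public-key packet."""
    first = packets[0]
    if (first & 0xC0) == 0x80:               # old-format header: tag in bits 5..2
        tag, hdr = (first >> 2) & 0x0F, 1 + (1, 2, 4, 0)[first & 0x03]
    elif (first & 0xC0) == 0xC0:             # new-format header: tag in bits 5..0
        n = packets[1]
        tag = first & 0x3F
        hdr = 1 + (1 if n < 192 else 2 if n < 224 else 5 if n == 255 else 1)
    else:
        raise ValueError("not an OpenPGP packet")
    if tag != 6 or packets[hdr] != 4:
        raise ValueError("expected a version 4 public-key packet")
    return struct.unpack(">I", packets[hdr + 1:hdr + 5])[0]

def future_skew(armored: str, server_now: int) -> int:
    """Seconds the key's creation time lies ahead of server_now (> 0 means future)."""
    return key_creation_time(dearmor(armored)) - server_now

def make_sample_key(created: int) -> str:
    """Constructed, unusable key: real packet layout, placeholder RSA numbers."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01"   # version, time, RSA
    body += b"\x00\x08\xff" + b"\x00\x02\x03"               # placeholder MPIs n, e
    packet = b"\x99" + struct.pack(">H", len(body)) + body  # tag 6, 2-byte length
    b64 = base64.b64encode(packet).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + b64 +
            "\n-----END PGP PUBLIC KEY BLOCK-----\n")

if __name__ == "__main__":
    server_now = 1650000000                  # constructed server clock, UTC seconds
    for label, offset in (("client clock correct", -5), ("client one minute fast", 60)):
        skew = future_skew(make_sample_key(server_now + offset), server_now)
        verdict = "rejected, created in the future" if skew > 0 else "accepted"
        print(f"{label}: {verdict} ({skew:+d} s)")
```

Because the timestamp is in UTC, a client showing the right wall-clock time under the wrong timezone produces the same positive skew as a clock that is simply fast.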

Oh well, the clock on my machine is in fact running fast by about a minute. Furthermore, one of our domain controllers which acts as a timeserver seems to be off because it’s somehow set manually…

I’ll try to fix this and see if it solves my passbolt issue.


Update: After fixing the time issue the problem seems to be solved.
