Healthcheck fails Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl

I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
[ X] I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

I cannot go ahead with installation.

    ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams

Passbolt commands should only be executed as the web server user.

The command should be executed with the same user as your web server. By instance:
su -s /bin/bash -c "/var/www/vhosts/ COMMAND" HTTP_USER
where HTTP_USER match your web server user: www-data, nginx, apache, http

 Healthcheck shell........................................................




 [PASS] PHP version 8.2.19.
 [PASS] PHP version is 8.1 or above.
 [PASS] PCRE compiled with unicode support.
 [PASS] Mbstring extension is installed.
 [PASS] Intl extension is installed.
 [PASS] GD or Imagick extension is installed.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Cache is working.
 [PASS] Debug mode is off.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
 [HELP] Check that the domain name is correct in /var/www/vhosts/
 [HELP] Check the network settings

 SSL Certificate

 [WARN] SSL peer certificate does not validate.
 [WARN] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate.
 [HELP] Check

 SMTP settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [WARN] The SMTP Settings source is: /var/www/vhosts/
 [HELP] It is recommended to set the SMTP Settings in the database through the administration section.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Or set to true in /var/www/vhosts/

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled.
 [PASS] The /var/www/vhosts/ directory is not writable.
 [PASS] A valid JWT key pair was found.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/www/vhosts/
 [PASS] The directory /var/www/vhosts/ containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one.
 [PASS] The public key file is defined in /var/www/vhosts/ and readable.
 [PASS] The private key file is defined in /var/www/vhosts/ and readable.
 [PASS] The server key fingerprint matches the one defined in /var/www/vhosts/
 [PASS] The server public key defined in the /var/www/vhosts/ (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [FAIL] This installation is not up to date. Currently using 4.7.0 and it should be 4.8.0.
 [HELP] See
 [FAIL] Passbolt is not configured to force SSL use.
 [HELP] Set passbolt.ssl.force to true in /var/www/vhosts/
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /var/www/vhosts/
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set to true in /var/www/vhosts/
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.
 [PASS] The database schema up to date.


 [PASS] The application is able to connect to the database
 [PASS] 31 tables found.
 [PASS] Some default content is present.

 [FAIL] 3 error(s) found. Hang in there!

server conf:

server {
  listen [::]:443 ssl http2;
  listen 443 ssl http2;


  client_body_buffer_size     100K;
  client_header_buffer_size   1k;
  client_max_body_size        5M;
  client_body_timeout   10;
  client_header_timeout 10;
  keepalive_timeout     5 5;
  send_timeout          10;

  ssl_certificate     CERTIFICATE_PATH; 
  ssl_certificate_key KEY_PATH;
  ssl_session_timeout 1d;
  ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
  ssl_session_tickets off;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;
  root /var/www/passbolt/webroot;
  index index.php;
  location / {
    try_files $uri $uri/ /index.php?$args;
  location ~ \.php$ {
    try_files                $uri =404;
    include                  fastcgi_params;
    fastcgi_pass             unix:/run/php/8.2.19-fpm.sock;
    fastcgi_index            index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info  ^(.+\.php)(.+)$;
    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param   $http_host;
    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";

getting crazy as I cannot understand what’s going wrong.


return [

     * All the information in this section must be provided in order for passbolt to work
     * This configuration overrides the CakePHP defaults located in app.php
     * Do not edit app.php as it may break your upgrade process
    'App' => [
        // A base URL to use for absolute links.
        // The fully qualified domain name (including protocol) to your application’s root
        // e.g. where the passbolt instance will be reachable to your end users.
        // This information is need to render images in emails for example.
        'fullBaseUrl' => '',
        // OPTIONAL
        // You can specify the base directory the app resides in.
        // Useful if you are running passbolt in a subdirectory like
        // Ensure your string starts with a / and does NOT end with a /

        'base' => '/passbolt'

:wave: Hello @Arkage, can you let us know if you are able to get success response by directly accessing https://<>/passbolt/healthcheck/status.json url?

nope 404.

I am afraid there might be some misconfig in nginx :confused:


2024/05/24 10:27:14 [error] 1194#0: *21239 openat() "/var/www/vhosts/" failed (2: No such file or directory), client:, server:, request: "GET /passbolt/healthcheck/status.json HTTP/2.0", host: ""

Hello @Arkage !

Having a 404 on this endpoint might show a misconfiguration on your server yes.

Just to make sure: are you able from a browser to access your passbolt instance (like, any URL, not onlt the healthcheck)?

Also, on the healthcheck through the CLI, if it says that the /healthcheck/status is not reachable, it could come from the fact that your sever can’t resolve its own domain.

You could try from the server CLI to run a ping on your own domain and see if it can resolve the domain name. If yes, it should most probably be and if not, then you will have to add an entry in your /etc/hosts file of your server for the domain name resolution.

I took another look at your configuration.
I noticed a mismatch that could be the issue (not 100% sure though).

On your nginx config there is:
root /var/www/passbolt/webroot;

On the log you show, it says:

Maybe you need for your passbolt nginx configuration file to set the root to the location /var/www/vhosts/

Maybe this instead