HTTPS - SSL cert

chvgms · March 31, 2026, 12:52pm

Checklist
I have read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi,

Need help in configuring HTTPS with GoDaddy cert. we recently purchased PRO license and trying to setup for my team. I want to use my SSL cert for this purpose. I have the certificate with wild entry (*.companydomain.com). Converted to .pem format. i am getting the below error message. removed password for key while converting. FYI, i am using VM provided by passbolt.

did i miss any steps? pls let me know.

[emerg] 172379#172379: SSL_CTX_use_PrivateKey(“/etc/ssl/private/1774960367-private.pem”) failed (SSL: error:05800074:x509 certificate routines::key values mismatch)

nginx: configuration file /etc/nginx/nginx.conf test failed

Thanks,

Sridhar

gyaresu · April 1, 2026, 4:18am

G’day Sridhar,

The error key values mismatch means the private key file and the certificate file don’t correspond to each other. This usually happens when the certificate was converted or exported separately from the key, and they got mixed up.

You can confirm this by comparing the modulus of both files on the server:

openssl x509 -noout -modulus -in /etc/ssl/certs/your-cert.pem | openssl md5
openssl rsa -noout -modulus -in /etc/ssl/private/1774960367-private.pem | openssl md5

If the two MD5 values don’t match, the key and certificate are from different pairs.

A few things to check:

Make sure the private key is the one that was used to generate the CSR (Certificate Signing Request) for this specific GoDaddy certificate.
If GoDaddy provided multiple files (certificate, intermediate, root), you may need to combine the certificate and intermediate chain into a single file. The order should be: your domain certificate first, then the intermediate certificate(s).
Verify the private key itself is valid: openssl rsa -check -in /etc/ssl/private/1774960367-private.pem

Once the modulus values match between your key and certificate, nginx should accept them.

I wrote an introductory page about TLS here: https://www.passbolt.com/docs/hosting/configure/tls/

Let us know how you go.

Cheers
Gareth

chvgms · April 1, 2026, 5:56am

Thx Gareth. I was able to fix the cert issue. I now have a new issue.

For some reason, my SMTP auth password is incorrect and not receiving emails when i provide my email id to login. also when i edit /etc/passbolt.passbolt.php file, i don’t see any EMAIL related configuration, pls assist.

gyaresu · April 1, 2026, 8:07am

Good to hear Sridhar.

Email settings have to be configured in the UI.

You haven’t given us much info about your mail server so I would suggest:

Don’t use your email username and password. You probably need an “Application password” which is generated by your email provider for the purposes of logging in from other software.
You may be needing to trust TLS certificates for SMTP transport.
- If that’s the case then you can take a look at my demo repo for some ideas on how to handle TLS for SMTP https://github.com/gyaresu/gareth-passbolt?tab=readme-ov-file#smtp-configuration

Let us know how you go.

Cheers
Gareth