Migrating to Another Server "Could Not Verify Server Key"

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to troubleshoot the problem
[x] I describe the steps on how to reproduce the issue

Hi everyone.

I’m in the middle of moving our Passbolt server from a dedicated box to a VM on another server. We’ve been running it on the dedicated box for about a year and love it. The packages are about as 1:1 as we could get.

CentOS 7.7, PHP 7.2.24, MariaDB 10.3.20, NGINX 1.16.1

I copied everything from /var/www/passbolt on server 1 to server 2 with rsync over ssh.

When I first ran healthcheck it was reporting that I hadn’t imported the key and a few permissions issues, which I fixed by running their recommended commands. However, now I’m only down to issues with not having an SSL certificate on the site yet and it still says “Could not verify server key. The OpenPGP server key defined in the config could not be found in the GnuPG keyring.”. On the right, in the login area it says “Oops! Something went wrong” but there’s nothing new in the error logs.

Saw another similar issue where he mentioned time problems which apparently I had forgotten about, but after adjusting the server to the same timezone as the other the problem persists.

In my config file I have:

    'passbolt' => [
        // GPG Configuration.
        // The keyring must to be owned and accessible by the webserver user.
        // Example: www-data user on Debian
        'gpg' => [
            // Main server key.
            'serverKey' => [
                // Server private key fingerprint.
                'fingerprint' => '35E9DFA05FCD47B7F4F78EE4576A68950CDDEFED',
                'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
                'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
            ],
        ],

and when I run su -s /bin/bash -c "gpg --fingerprint" nginx I get:

    /var/cache/nginx/.gnupg/pubring.gpg
    -----------------------------------
    pub   2048R/0CDDEFED 2018-11-28
        Key fingerprint = 35E9 DFA0 5FCD 47B7 F4F7  8EE4 576A 6895 0CDD EFED
    uid                  360bolt <achamberlain@fakeemail.com>
    sub   2048R/A35C10CF 2018-11-28

So seems like the same key as my old server, and indeed, the healthcheck seems to think so as well.

The output of sudo -u nginx ./bin/cake passbolt healthcheck also doesn’t contain any errors related to the key.


     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
---------------------------------------------------------------
 Healthcheck shell       
---------------------------------------------------------------

 Environment

 [PASS] PHP version 7.2.25.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable.
 [PASS] The public image directory and its content are writable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to <obfuscated>
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
  [HELP] Check that the domain name is correct in config/passbolt.php
  [HELP] Check the network settings

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 23 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/cache/nginx/.gnupg.
 [PASS] The directory /var/cache/nginx/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server gpg key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.

 Application configuration

 [FAIL] This installation is not up to date. Currently using 2.10.0 and it should be v2.11.0.
  [HELP] See. https://www.passbolt.com/help/tech/update
 [FAIL] Passbot is not configured to force SSL use.
  [HELP] Set passbolt.ssl.force to true in config/passbolt.php.
 [FAIL] App.fullBaseUrl is not set to HTTPS.
  [HELP] Check App.fullBaseUrl url scheme in config/passbolt.php.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

  6 error(s) found. Hang in there!

Random Thought I will check next: Database Encodings match.

Hello,

Can you check if the web server is using the same keyring as the CLI by forcing the location of the keyring in the config:

    'gpg' => [
        'keyring' => '/var/cache/nginx/.gnupg',
        'putenv' => true,

Another direction I would check, if you have SELinux enabled, is whether there is any error with Nginx not being able to interact with the gnupg agent.

Thanks.
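One way to perform the check the reply asks for, as an added example that is not part of this thread or of Passbolt's own tooling: a small POSIX shell helper that confirms the fingerprint configured under `passbolt.gpg.serverKey.fingerprint` is actually present in the keyring `gpg` reads from a given home directory. The parser accepts both the human listing shown in the thread (`Key fingerprint = 35E9 DFA0 ...`) and the machine-readable `--with-colons` form, so the same check works whichever `gpg` version the host has. The `nginx` user, the `/var/cache/nginx/.gnupg` path and the fingerprint are taken from the thread; the two sample listings are constructed so the parser can be exercised without `gpg` installed.

```shell
#!/bin/sh
# Added example, not from the thread or from Passbolt: verify that the configured
# server key fingerprint is in the keyring a given GNUPGHOME directory holds.
# User name, keyring path and fingerprint below come from the thread; change them
# for another host.

# Strip the grouping spaces gpg prints in its human-readable listing and upper-case
# the hex so fingerprints copied from the config or from gpg compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read gpg output on stdin and print one normalised fingerprint per line.
# Handles the human layout ("Key fingerprint = 35E9 DFA0 ...") and the
# --with-colons layout ("fpr:::::::::35E9DFA0...:", fingerprint in field 10).
extract_fprs() {
    sed -n \
        -e 's/^[[:space:]]*Key fingerprint = \(.*\)$/\1/p' \
        -e 's/^fpr:*\([0-9A-Fa-f]\{40\}\):.*$/\1/p' \
    | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Usage: keyring_has_fpr CONFIGURED_FPR < gpg-output
# Exit status 0 when the configured fingerprint appears in the listing, 1 otherwise.
keyring_has_fpr() {
    want=$(normalize_fpr "$1")
    extract_fprs | grep -qx "$want"
}

# Live check: list the keyring in the directory passbolt.gpg.keyring points to,
# running gpg as the web server user so directory and file permissions are
# exercised as well. Assumes the nginx user and path from the thread.
check_live() {
    homedir=${1:-/var/cache/nginx/.gnupg}
    fpr=${2:-35E9DFA05FCD47B7F4F78EE4576A68950CDDEFED}
    if su -s /bin/sh -c "gpg --homedir '$homedir' --with-colons --fingerprint" nginx \
        | keyring_has_fpr "$fpr"; then
        echo "OK: $fpr found in $homedir"
    else
        echo "MISSING: $fpr not in $homedir (or the directory is unreadable)" >&2
        return 1
    fi
}

# Constructed samples (not captured from the thread's servers). The first mirrors
# the human listing shown in the thread; the second is modelled on the
# --with-colons output for the same key.
SAMPLE_HUMAN='pub   2048R/0CDDEFED 2018-11-28
      Key fingerprint = 35E9 DFA0 5FCD 47B7 F4F7  8EE4 576A 6895 0CDD EFED
uid                  360bolt <achamberlain@fakeemail.com>
sub   2048R/A35C10CF 2018-11-28'

SAMPLE_COLONS='pub:u:2048:1:576A68950CDDEFED:1543363200:::u:::scESC:
fpr:::::::::35E9DFA05FCD47B7F4F78EE4576A68950CDDEFED:
uid:u::::1543363200::0000000000000000000000000000000000000000::360bolt <achamberlain@fakeemail.com>:'
```

Running `check_live` as root on the new server answers the reply's question directly: if it reports MISSING while `su -s /bin/bash -c "gpg --fingerprint" nginx` shows the key, the two are reading different home directories, which is exactly what the `keyring` and `putenv` settings in the reply pin down for the PHP process.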

SELinux is currently set to Disabled for debugging.

I added this to my ./config/passbolt.php file:

    'passbolt' => [
        // GPG Configuration.
        // The keyring must to be owned and accessible by the webserver user.
        // Example: www-data user on Debian
        'gpg' => [
            'keyring' => '/var/cache/nginx/.gnupg',
            'putenv' => true,
            // Main server key.
            'serverKey' => [
                // Server private key fingerprint.
                'fingerprint' => '35E9DFA05FCD47B7F4F78EE4576A68950CDDEFED',
                'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
                'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
            ],
        ],

and then ran ./bin/cake cache clear_all in case that was the issue.

Also just made sure that the PHP GPG packages were there with pecl list:

Installed packages, channel pecl.php.net:
=========================================
Package Version State
gnupg   1.4.0   stable
mcrypt  1.0.3   stable

Are you still seeing this issue? If yes can you show the permissions for the .gnupg directory and permissions for the content inside?

Thanks here’s the output for /var/cache/nginx:

[root@localhost passbolt]# ls -al /var/cache/nginx/
total 32
drwxr-xr-x  8 root  root  4096 Dec  4 00:08 .
drwxr-xr-x. 8 root  root  4096 Dec  2 15:00 ..
drwx------  2 nginx root  4096 Nov 22 10:49 client_temp
drwx------  2 nginx root  4096 Nov 22 10:49 fastcgi_temp
drwx------  2 nginx nginx 4096 Dec  4 00:31 .gnupg
drwx------  2 nginx root  4096 Nov 22 10:49 proxy_temp
drwx------  2 nginx root  4096 Nov 22 10:49 scgi_temp
drwx------  2 nginx root  4096 Nov 22 10:49 uwsgi_temp

and then for .gnupg:

[root@localhost passbolt]# ls -al /var/cache/nginx/.gnupg/
total 24
drwx------ 2 nginx nginx 4096 Dec  4 00:31 .
drwxr-xr-x 8 root  root  4096 Dec  4 00:08 ..
-rw------- 1 nginx nginx 1194 Dec  4 00:09 pubring.gpg
-rw------- 1 nginx nginx    0 Dec  4 00:09 pubring.gpg~
-rw------- 1 nginx nginx  600 Dec  4 08:00 random_seed
-rw------- 1 nginx nginx 2496 Dec  4 00:09 secring.gpg
-rw------- 1 nginx nginx 1200 Dec  4 00:09 trustdb.gpg
