New users unable to access web interface, existing user can access groups, etc

I am having the same problem. We are running our server on Amazon Linux2 and I am new to Linux and passbolt wording. If anyone has any suggestions to attempt, we are a Google Workspace shop, and Chrome is our default browser that is used across the organization. Any help would be greatly appreciated, as my predecessor did not leave any documentation.

Hello, can anyone help me? As I noted, I am new to Linux and this product.

I found a note from the person who built our passbolt server and it suggests running this command to clean up:

Various Issues

The following command will clean up the passbolt database and can solve a variety of issues.

/opt/tli/passbolt/bin/cake passbolt cleanup

I have cut and pasted it into a console session to the EC2 instance and it does nothing, no output, etc…

Can anyone suggest something to try?


@robert.ross Did you reinstall the v3 extension as suggested?

Hi @garrett, no I have not…

The extension in Chrome works as it should; I can gain access to passwords and groups etc.
Chrome is up to date
Version 113.0.5672.126 (Official Build) (arm64)

If I could not use the extension, I would have moved forward with attempting to run version 3. The web interface does not load, which creates a challenge for adding new members etc. I inherited this platform on May 1st and am learning as I go, and I am not very proficient in Linux. Any help you can suggest would be greatly appreciated.

I’ve moved this to a new topic since it’s a bit different than the other one.

I have a few questions if you know the answers:
What OS are you running on the server?
Which web server is being used?
What is the web server user?
Can you reach the /healthcheck path when logged in?

What device are you trying to access from?

Hello Garrett @garrett

Server OS is Amazon Linux2
I don't know about the web server or user
https://passbolt.trendline.email/healthcheck (see below)
I am attempting to access passbolt from my Mac and using Chrome

Here is the output of the healthcheck URL

Passbolt API Status

Environment

PHP version 7.4.33.

PCRE compiled with unicode support.

The temporary directory and its content are writable.

The public image directory and its content are writable.

The logs directory and its content are writable.

GD or Imagick extension is installed.

Intl extension is installed.

Mbstring extension is installed.

SSL access is enabled.

Config files

The application config file is present

The passbolt config file is present

Core config

Debug mode is off.

Cache is working.

Unique value set for security.salt

Full base url is set to https://passbolt.trendline.email

App.fullBaseUrl validation OK.

/healthcheck/status is reachable.

Database

The application is able to connect to the database

25 tables found

Some default content is present

The database schema up to date.

GPG Configuration

PHP GPG Module is installed and loaded.

The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.

The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.

The server gpg key is not the default one

The public key file is defined in config/passbolt.php and readable.

The private key file is defined in config/passbolt.php and readable.

The server key fingerprint matches the one defined in config/passbolt.php.

The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.

There is a valid email id defined for the server key.

The public key can be used to encrypt a message.

The private key can be used to sign a message.

The public and private keys can be used to encrypt and sign a message.

The private key can be used to decrypt a message.

The private key can be used to decrypt and verify a message.

The public key can be used to verify a signature.

Application configuration

This installation is not up to date. Currently using 2.12.0 and it should be v4.0.0.

Passbolt is configured to force SSL use.

App.fullBaseUrl is set to HTTPS.

Selenium API endpoints are disabled.

Search engine robots are told not to index content.

Registration is closed, only administrators can add users.

Serving the compiled version of the javascript app

All email notifications will be sent.

@garrett, any update you can share? I don't want to have to rebuild the server completely, etc.

I doubt there is an in-place upgrade from the version we are running to a newer version that might fix this issue we are having.

@robert.ross Thanks for the info, very helpful.

Try using the v3 of the extension from the other post. It should gain you full access again. It will require going thru a recovery process with your admin private key and passphrase so have that handy.

It might be the case that your passbolt was installed as described here: Passbolt Help | Using Passbolt CE AWS AMI

When you review your account settings at AWS and that seems to be the case, then…

Your passbolt install is old and needs to be upgraded to the version 3.x of the API. (We say Updates for minor versions)

The instructions for upgrades are here: Passbolt Help | Upgrade

I don’t see instructions specifically for AWS but since an upgrade is from one major version to another, the process for all OSes is generally the same as if migrating to a new server, including backup steps, then install of new version, then db import. (Can be on same server)

Have a look through the different upgrade pages to get a feel for what I’m saying. But as you were saying you got sort of dropped into this, the good news is we have a strong community around the product. And if you need Pro help from a passbolt team member, they can help get you that too.

Thank you for this, @garrett. So the extension is pushed to Google Chrome via policy and not from the Google side. I scoured our GWS instance looking for the policy pushing the extension to Chrome, and it was not located. I need to figure out how to break the policy push so I can attempt to uninstall and then reinstall the extension on my machine before moving on to others. Might you be able to share that information with me? How do I get access to your PRO HELP? This is impacting our ability to service clients.

As the site is public, you could access from another device with the v3 extension. Not sure if your firm policy permits that but I think it might be required in your case to fix this.

If you write to support@passbolt.com and include a link to this thread, someone will help get you to the right person. It may require scheduling time in the next day or so due to differences in time zones as the team is international.

Once passbolt is upgraded to at least v3 everyone will have access again so that is the most important first step. And, the upgrade is possible with only access to the server itself…the extension is not needed for upgrade. However, gaining access with a v3 extension would confirm that this is the actual issue you are facing.


@Garrett I attempted what you suggested via another machine that I have in my home, and not only can you see in one screenshot it's stating that I am not a valid user, the second screenshot shows the error message in Version3 of the extension. I have contacted support as you suggested, hoping to hear back from someone very soon. Thank you very much for your help thus far. I am wondering how I can run this command # /opt/tli/passbolt/bin/cake passbolt cleanup and see if that cleanup would fix the problem to get us functional so I can plan an upgrade?

Thank you again very much for your time and consideration to someone in need.

Try the v3 with Firefox, as I think they don’t have the same restrictions. (The warning is the reason for the v4 extension.)

It’s not likely to help in this case, assuming it’s the extension like I think it is. It should still be fine as it was with no changes, if you can gain access via v3 extension.

Regarding your email not being recognized as a user, if you have server access, you might be able to view the user list in the db with the following steps.

If you are the root user on the server, you can access the db with the command: mysql

show databases will produce a list of dbs available. One is likely called passbolt.

use passbolt to select the db (or if it’s another name, replace “passbolt” with the name of the db).

Then you can run this command to see a list of passbolt users, whether or not they are active, and whether or not they are deleted:
select username, active, deleted from users;

If you don’t see your email on the list, then that is why you got the message you saw. But, it would then beg the question what username is used on the extension through which you have partial access.



Hello, @garrett. I attempted to log in as myself (correct account this time) on a machine with a non-updated version of Chrome and the old plugin (as recommended) and it was not successful. Passbolt sat on the loading screen and I closed it out after waiting for five minutes. Images for reference

So the login page didn’t even load like the other time with the v4 extension? That’s unexpected. Any errors in the browser console?

Edit: I’m able to get to the /users/recover path with 3.12 extension:

(the ip address:1443 was specific to the other user’s setup)