I am having the same problem. We are running our server on Amazon Linux2 and I am new to Linux and passbolt wording. If anyone has any suggestions to attempt, we are a google workspace shop, and Chrome is our default browser that is used across the organization. Any help would be greatly appreciated, as my predecessor did not leave any documentation.
Hello Can anyone help me I as I noted I am new to linux and this product.
I found a note from the person who built our passbolt server and its suggests running this command to clean up
The following command will clean up the passbolt database and can solve a variety of issues.
/opt/tli/passbolt/bin/cake passbolt cleanup
I have cut and paste it a console session to the EC2 instance and it does nothing no output etc…
Can anyone suggest something to try
@robert.ross Did you reinstall the v3 extension as suggested?
hi @garrett no i have not…
The extension in chrome works as it should I can gain access to passwords and groups etc.
Chrome is up to date
Version 113.0.5672.126 (Official Build) (arm64)
If I could not use the extension, I would have moved forward with attempting to run version 3. the web interface does not load which creates a challenge for adding new members etc. I inherited this platform on May 1st and learning as I go and not very proficient in Linux any help you can suggest would be greatly appreciated.
I’ve moved this to a new topic since it’s a bit different than the other one.
I have a few questions if you know the answers:
What OS are you running on the server?
Which web server is being used?
What is the web server user?
Can you reach the
/healthcheck path when logged in?
What device are you trying to access from?
Hello Garrett @garrett
Server Os is Amazon Linux2
I dont know about the WebServer or User
https://passbolt.trendline.email/healthcheck ( see below)
I am attempting to access passbolt from my Mac and using Chrome
Here is the output of the healthcheck URL
Passbolt API Status
PHP version 7.4.33.
PCRE compiled with unicode support.
The temporary directory and its content are writable.
The public image directory and its content are writable.
The logs directory and its content are writable.
GD or Imagick extension is installed.
Intl extension is installed.
Mbstring extension is installed.
SSL access is enabled.
The application config file is present
The passbolt config file is present
Debug mode is off.
Cache is working.
Unique value set for security.salt
Full base url is set to https://passbolt.trendline.email
App.fullBaseUrl validation OK.
/healthcheck/status is reachable.
The application is able to connect to the database
25 tables found
Some default content is present
The database schema up to date.
PHP GPG Module is installed and loaded.
The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
The server gpg key is not the default one
The public key file is defined in config/passbolt.php and readable.
The private key file is defined in config/passbolt.php and readable.
The server key fingerprint matches the one defined in config/passbolt.php.
The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
There is a valid email id defined for the server key.
The public key can be used to encrypt a message.
The private key can be used to sign a message.
The public and private keys can be used to encrypt and sign a message.
The private key can be used to decrypt a message.
The private key can be used to decrypt and verify a message.
The public key can be used to verify a signature.
This installation is not up to date. Currently using 2.12.0 and it should be v4.0.0.
Passbolt is configured to force SSL use.
App.fullBaseUrl is set to HTTPS.
Selenium API endpoints are disabled.
Search engine robots are told not to index content.
Registration is closed, only administrators can add users.
All email notifications will be sent.
@garrett, any update you can share? I dont want to have to rebuild the server completely, etc.
I doubt there is an in-place upgrade from the version we are running to a newer version that might fix this issue we are having.
@robert.ross Thanks for the info, very helpful.
Try using the v3 of the extension from the other post. It should gain you full access again. It will require going thru a recovery process with your admin private key and passphrase so have that handy.
It might be the case that your passbolt was installed as described here: Passbolt Help | Using Passbolt CE AWS AMI
When you review your account settings at AWS and that seems to be the case, then…
Your passbolt install is old and needs to be upgraded to the version 3.x of the API. (We say Updates for minor versions)
The instructions for upgrades are here: Passbolt Help | Upgrade
I don’t see instructions specifically for AWS but since an upgrade is from one major version to another, the process for all OSes are generally the same as if migrating to a new server, including backup steps, then install of new version, then db import. (Can be on same server)
Have a look through the different upgrade pages to get a feel for what I’m saying. But as you were saying you got sort of dropped into this, the good news is we have a strong community around the product. And if you need Pro help from a passbolt team member, they can help get you that too.
Thank you for this is @garrett, so the extension is pushed to google chrome via policy and not from the Google side. I scoured our GWS instance looking for the policy pushing the extension to Chrome, and was not located. I need to figure out how to break the policy push so I can attempt to uninstall and then reinstall the extension on my machine before moving on to others. Might you be able to share that information with me? How do I get access to your PRO HELP? This is impacting our ability to service clients
As the site is public, you could access from another device with the v3 extension. Not sure if your firm policy permits that but I think it might be required in your case to fix this.
If you write to email@example.com and include a link to this thread, someone will help get you to the right person. It may require scheduling time in the next day or so due to differences in time zones as the team is international.
Once passbolt is upgraded to at least v3 everyone will have access again so that is the most important first step. And, the upgrade is possible with only access to the server itself…the extension is not needed for upgrade. However, gaining access with a v3 extension would confirm that this is the actual issue you are facing.
@Garrett I attempted what you suggested via another machine that I have in my home and not only can you see in one screenshot its stating that I am not a valid user the second screenshot shows the error message in Version3 of the extension. I have contacted support as your suggested hoping to hear back from someone very soon. Thank you very much for your help thus far. I am wondering how can I run this command # /opt/tli/passbolt/bin/cake passbolt cleanup and see if that cleanup would fix the problem to get us functional so I can plan an upgrade
Thank you again very much for you time and consideration to someone in need.
Try the v3 with Firefox, as I think they don’t have the same restrictions. (The warning is the reason for the v4 extension.)
It’s not likely to help in this case, assuming it’s the extension like I think it is. It should still be fine as it was with no changes, if you can gain access via v3 extension.
Regarding your email not being recognized as a user, if you have server access, you might be able to view the user list in the db with the following steps.
If you are the
root user on the server, you can access the db with the command:
show databases will produce a list of dbs available. One is likely called
use passbolt to select the db (or if it’s another name, replace “passbolt” with the name of the db).
Then you can run this command to see a list of passbolt users, whether or not they are active, and whether or not they are deleted:
select username, active, deleted from users;
If you don’t see your email on the list, then that is why you got the message you saw. But, it would then beg the question what username is used on the extension through which you have partial access.
Hello, @garrett I attempted to log in as myself ( correct account this time) on a machine with a none updated version of chrome and the old plugin ( as recommended and it was not successful passbolt sat on the loading screen and I closed it out after waiting for five minutes. Images for reference