Checklist
[X ] I have read intro post: About the Installation Issues category
[X ] I have read the tutorials, help and searched for similar issues
[X ] I provide relevant information about my server (component names and versions, etc.)
[X ] I provide a copy of my logs and healthcheck
[X ] I describe the steps I have taken to trouble shoot the problem
[X ] I describe the steps on how to reproduce the issue
Good morning all,
After spending several hours understanding my problem, I allow myself to ask for some help here.
I installed passbolt on one of my servers (hosted by OVH). This is a debian 10, a mariadb 10.3.23-MariaDB-0 + deb10u1, and it has a postfix to relay mail. This part works very well.
I can send mail from shell, no problem:
---------------------------------------------------------------
Debug email shell
---------------------------------------------------------------
Email configuration
---------------------------------------------------------------
Host: ssl://ssl0.ovh.net
Port: 465
Username: admin@mydomain.fr
Password: *********
TLS: false
Sending email from: admin admin@mydomain.fr
Sending email to: me@mydomain.fr
---------------------------------------------------------------
Trace
[220] GARM-96R001 Sunday, September 20, 2020
> EHLO localhost
[250] OVH SMTP PROXY Hello
[250] SIZE 104857600
[250] ENHANCEDSTATUSCODES
[250] AUTH LOGIN PLAIN
[250] AUTH=LOGIN PLAIN
[250] 8BITMIME
> AUTH LOGIN
[334] VXNlcm5hbWU6
> *****
[334] UGFzc3dvcmQ6
> *****
[235] 2.7.0 Authentication successful
> MAIL FROM:<*****>
[250] 2.1.0 Sender OK
> RCPT TO:<me@mydomain.fr>
[250] 2.1.5 Recipient OK
> DATA
[354] Start mail input; end with <CRLF>.<CRLF>
> From: admin <*****>
To: me@mydomain.fr
Date: Sun, 20 Sep 2020 08:32:47 +0000
Message-ID: <f7c76fc5552e4caf8627ec5d6c709788@server>
Subject: Passbolt test email
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Congratulations!
If you receive this email, it means that your passbolt smtp configuration is working fine.
[250] 2.6.0 <f7c76fc5552e4caf8627ec5d6c709788@server> [InternalId=41510858919472, Hostname=DAG4EX2.mxp5.local] 1643 bytes in 0.152, 10.528 KB/sec Queued mail for delivery
> QUIT
The message has been successfully sent!
But when I want to invite via passbolt, no mail is sent.
So I run a Healthcheck to find out a little more.
---------------------------------------------------------------
Healthcheck shell
---------------------------------------------------------------
Environment
[PASS] PHP version 7.3.19-1~deb10u1.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.mydomain.fr
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fopen(): Failed to enable crypto
fopen(https://passbolt.mydomain.fr/healthcheck/status.json): failed to open stream: operation failed
Database
[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (2.13.5).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
2 error(s) found. Hang in there!
Could this certificate issue (generated directly from the passbolt installer) prevent this email from being sent? Which again works great.
Additionally, I noticed the following error in the logs:
Exception: SQLSTATE[HY000] [1045] Access denied for user ''@'localhost' (using password: NO) in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php, line 92]
Who is the user? www-data? the passbolt administrator of the base?
My passbolt.php:
// Database configuration.
'Datasources' => [
'default' => [
'host' => '127.0.0.1',
'port' => '3306',
'username' => 'passboltadmin',
'password' => 'XXXXXX',
'database' => 'passbolt',
],
],
MySQL works for passboltadmin via shell, no problem.
Do I have to create a mysql user www-data ?
I begin to despair.
Thank you in advance.