Not able to install Passbolt CE on Ubuntu 20.04 with Let's Encrypt

Some days ago i installed for my self Passbolt Pro On Premise on Ubuntu 20.04 LTS with my own SSL Certificate. This works fine.

Now i tryed to install Passbolt CE for a Customer on an vServer. But it is not possible to installed it with Let’s Encrpyt.

The A and AAAA Records are made 2 days ago for the subdomain which i use for this Server. The IPv4 and IPv6 Address is correct. I checked this several times.

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.

 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
   [2a03::::::::::::]: "<html>\r\n<head><title>404
   Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.18.0 (Ub"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

what can i do?

Hey @Holla_Die_Waldfee

Check the NGINX configuration to make sure it is handling calls on port 80 to that path properly. Most likely LE is writing the validation file in a location other than your root project path. You could add an NGINX location for that specific path.

Hi garrett, thx for your reply.

It looks like this is an error in the installation script from passbolt. I can reproduce the error on another virutal machine with Ubuntu 20.04 LTS.

I think LE is writing the validation file into the wrong direction, because Passbolt is reachable under port 80 and i get an 404 error page with the validiation link.
How can i change the direction for the LE validation file?

@Holla_Die_Waldfee We are recommending a package-based install for Ubuntu now, btw. Can you post your NGINX config file? And have you determined where LE is writing the validation file? What location is that?

1 Like

Hi @Holla_Die_Waldfee

I was able to reproduce your problem. When Let’s Encrypt generate a certificate, the certbot agent generate a file in http://domain.tld/.well-known/acme-challenge/long-random-name and the Let’s Encrypt servers try to communicate with this URL in HTTP on 80/TCP port.

If both IPv4/IPv6 of domain.tld are available, Let’s Encrypt will always prefer the IPv6 address.

In the /etc/nginx/sites-enabled folder, we can find 2 configuration files with these directives:


listen 80;


listen 80 default_server;
listen [::]:80 default_server;

It means the passbolt configuration file listen “only” on IPv4 and the default one listen on both IPv4/IPv6.

I can propose to you to add a line listen [::]:80 before the listen 80 line on /etc/nginx/sites-enabled/nginx-passbolt.conf file.

Then you should be able to generate your certificate. Let us know if it fixes your issue, we will update the nginx configuration file.


1 Like

thanks to _jc! Adding the line

listen [::]:80; 

before the existing “listen 80;” line solved the problem. Here the first lines from the nginx-passbolt.conf file, so that others can find it quickly:

#  Passbolt.conf - Nginx configuration file to run the Passbolt software.

server {

  listen [<your_ipv6_address>]:80;
  listen 80;

  # Managed by Passbolt
  server_name passbolt.<yourdomain>.xyz;

  client_body_buffer_size     100K;
  client_header_buffer_size   1K;
  client_max_body_size        5M;

@garrett: i used the Ubuntu package-based installer. So the problem is in the package.


I’m glad to hear your problem has been solved ! We will update the Debian / Ubuntu package accordingly thanks to your feedback.
Enjoy your new passbolt instance and don’t hesitate to reach us in any case :grinning: