Passbolt Dead after Update - Ubuntu 22.04 ERR_TOO_MANY-REDIRECTS

I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Passbolt is dead after Updating.

Trying to Open up passbolt after the update is giving my ERR_TOO_MANY_REDIRECTS.

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
 Healthcheck shell


 [PASS] PHP version 8.1.2-1ubuntu2.13.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to
 [PASS] App.fullBaseUrl validation OK.
 [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
 [HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
 [HELP] Check the network settings

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate


 [PASS] The application is able to connect to the database
 [PASS] 32 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
 [PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (4.1.1).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [INFO] The Self Registration plugin is enabled.
 [INFO] Registration is closed, only administrators can add users.
 [PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
 [WARN] Host availability checking is disabled.
 [HELP] Make sure this instance is not publicly available on the internet.
 [HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
 [HELP] Or set to true in /etc/passbolt/passbolt.php.
 [PASS] Serving the compiled version of the javascript app.
 [WARN] Some email notifications are disabled by the administrator.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /etc/passbolt/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

 SMTP Settings

 [PASS] The SMTP Settings plugin is enabled.
 [PASS] SMTP Settings coherent. You may send a test email to validate them.
 [PASS] The SMTP Settings source is: database.
 [WARN] The SMTP Settings plugin endpoints are enabled.
 [HELP] It is recommended to disable the plugin endpoints.
 [HELP] Or set to true in /etc/passbolt/passbolt.php.

 [FAIL] 1 error(s) found. Hang in there!

PHP has not been Upgraded:

The following packages have been kept back:
initramfs-tools initramfs-tools-bin initramfs-tools-core
libnginx-mod-http-geoip2 libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
libnginx-mod-stream-geoip2 nginx nginx-common nginx-core
The following packages will be upgraded:
passbolt-ce-server ubuntu-server-minimal
php -v

PHP 8.1.2-1ubuntu2.13 (cli) (built: Jun 28 2023 14:01:49) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
with Zend OPcache v8.1.2-1ubuntu2.13, Copyright (c), by Zend Technologies
php part of nginx config

location ~ .php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_intercept_errors on;
fastcgi_split_path_info ^(.+.php)(.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE “upload_max_filesize=5M \n post_max_size=5M”;

Listing the directory /run/php/ contains

drwxr-xr-x 25 root root 820 Jul 12 08:54 …
lrwxrwxrwx 1 root root 30 Jul 12 08:50 php-fpm.sock → /etc/alternatives/php-fpm.sock
-rw-r–r-- 1 root root 3 Jul 12 08:50
srw-rw---- 1 www-data www-data 0 Jul 12 08:50 php8.1-fpm.sock

No new entrys are being written to /var/log/passbolt/error.log after upgrading.

Passbolt Server is running on Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-76-generic x86_64)

1 Like

Hello, please read the following post because maybe you can solve this issue together

I also followed this post and also left several comments.

But there is no solution yet.

Hi @Sk4nkhunt42

Thank you for posting your information.

You can try setting the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true in /etc/passbolt/passbolt.php

I have searched for the answer for [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl

The best I can find is this answer

the following packages are being kept back

Out of curiosity could you check if you have the force ssl set to true? You can change this setting in /etc/passbolt/passbolt.php or /etc/passbolt/default.php I suggest changing it in the former.

In passbolt.php you need to add the following snippet in the passbolt section:

 'ssl' => [
          'force' => true,

or in default.php

'ssl' => [
            'force' => filter_var(env('PASSBOLT_SSL_FORCE', true), FILTER_VALIDATE_BOOLEAN)

Sorry for late reply, forcing ssl was set to true.

Passbolt is running behind a reverse proxy wich is handeling ssl.
Disabling SSL forcing in the passbolt config did work!


1 Like