Passbolt Issues connection after installation

System:
Ubuntu Server 20.04.04 LTS
Apache2 2.4.41
mysql 8.0.28-0ubuntu0.20.04.3
PHP 7.4.3
passbolt (github link GitHub - passbolt/passbolt_api: Passbolt CE Backend, a JSON API written with Cakephp)

Hello everyone,

Once the installation of passbolt was completed, I went to the installation link allowing me to create and configure the administrator account. At the end of the account creation, an error occurs:

I tried to add the debug mode (‘debug’ => ‘true’,) in /var/www/passbolt/config/passbolt.php but it didn’t change anything.

Here are the logs of /var/www/passbolt/logs/error.log:

2022-04-22 14:19:30 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:19:30 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:19:31 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:19:31 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:09 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:09 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:10 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:10 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:28 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:28 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
2022-04-22 14:28:29 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/login.json?api-version=v2
Client IP: 192.168.133.77

2022-04-22 14:34:41 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

2022-04-22 14:34:51 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/login.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 06:20:46 Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /var/www/passbolt/vendor/cakephp/authentication/src/Controller/Component/AuthenticationComponent.php on line 177
Request URL: /auth/is-authenticated.json
Client IP: 192.168.133.71

2022-04-25 08:01:36 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:19:34 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:19:34 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:19:45 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/login.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:31:33 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:31:39 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/login.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:31:50 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:31:56 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/login.json?api-version=v2
Client IP: 192.168.133.77

2022-04-25 08:32:42 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
Request URL: /auth/verify.json?api-version=v2
Client IP: 192.168.133.77

Bests regards,
Thanks for the help!
Samuel

Hi @SamuelCUGNIN and welcome to passbolt community forum :wave:

Which documentation did you followed to setup passbolt on your Ubuntu server ?

Our recommendation is to install passbolt with our package as explained in our documentation: Passbolt Help | Install Passbolt CE on Ubuntu 20.04

I guess you have file permissions and ownership issues. Can you give us the output of the status-report command ?

sudo /var/www/passbolt/bin/status-report

Best,

Hi,
First of all,

Thank you for your answer.

I used this link How to Install Passbolt Password Manager on Ubuntu 20.04 Server and the official passbolt documentation.
And here is the report.
THANKS

>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
> Passbolt CE 3.5.0
> Cakephp 4.2.9
> Linux IHUS-PASSBOLT 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
> PHP 7.4.3 (cli) (built: Mar  2 2022 15:36:52) ( NTS )
> mysql  Ver 8.0.28-0ubuntu0.20.04.3 for Linux on x86_64 ((Ubuntu))
> gpg (GnuPG) 2.2.19
> libgcrypt 1.8.5
> Do not run Composer as root/super user! See https://getcomposer.org/root for details
> Composer 1.10.1 2020-03-13 20:34:27
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
>  Healthcheck shell.....Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied
> In [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 
> 2022-04-25 09:15:38 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> Warning Error: SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied
> In [/var/www/passbolt/vendor/cakephp/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 
> 2022-04-25 09:15:38 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]                                                                                                                                                                                       
> -------------------------------------------------------------------------------
> 
>  Environment
> 
>  [PASS] PHP version 7.4.3.
>  [PASS] PCRE compiled with unicode support.
>  [FAIL] The temporary directory and its content are not writable, or are executable.
>  [HELP] Ensure the temporary directory and its content are writable by the webserver user.
>  [HELP] you can try:
>  [HELP] sudo chown -R www-data:www-data /var/www/passbolt/tmp/
>  [HELP] sudo chmod -R 775 $(find /var/www/passbolt/tmp/ -type d)
>  [HELP] sudo chmod -R 664 $(find /var/www/passbolt/tmp/ -type f)
>  [PASS] The logs directory and its content are writable.
>  [PASS] GD or Imagick extension is installed.
>  [PASS] Intl extension is installed.
>  [PASS] Mbstring extension is installed.
> 
>  Config files
> 
>  [PASS] The application config file is present
>  [PASS] The passbolt config file is present
> 
>  Core config
> 
>  [FAIL] Debug mode is on.
>  [HELP] Set debug = false; in config/passbolt.php
>  [PASS] Cache is working.
>  [PASS] Unique value set for security.salt
>  [PASS] Full base url is set to https://passbolt.ihu-strasbourg.eu
>  [PASS] App.fullBaseUrl validation OK.
>  [PASS] /healthcheck/status is reachable.
> 
>  SSL Certificate
> 
>  [PASS] SSL peer certificate validates
>  [PASS] Hostname is matching in SSL certificate.
>  [PASS] Not using a self-signed certificate
> 
>  Database
> 
>  [PASS] The application is able to connect to the database
>  [PASS] 26 tables found
>  [PASS] Some default content is present
>  [PASS] The database schema up to date.
> 
>  GPG Configuration
> 
>  [PASS] PHP GPG Module is installed and loaded.
>  [FAIL] The environment variable GNUPGHOME is set to /var/www/.gnupg, but the directory does not exist.
>  [HELP] Ensure the keyring location exists and is accessible by the webserver user.
>  [HELP] you can try:
>  [HELP] sudo mkdir /var/www/.gnupg
>  [HELP] sudo chown -R www-data:www-data /var/www/.gnupg
>  [HELP] sudo chmod 700 /var/www/.gnupg
>  [HELP] You can change the location of the keyring by editing the GPG.env.setenv and GPG.env.home variables in config/passbolt.php.
>  [PASS] The server OpenPGP key is not the default one
>  [PASS] The public key file is defined in config/passbolt.php and readable.
>  [PASS] The private key file is defined in config/passbolt.php and readable.
>  [FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
>  [HELP] Double check the key fingerprint, example:
>  [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
>  [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
>  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
>  [FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
>  [HELP] Import the private server key in the keyring of the webserver user.
>  [HELP] you can try:
>  [HELP] sudo su -s /bin/bash -c "gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
>  [PASS] There is a valid email id defined for the server key.
> 
>  Application configuration
> 
>  [PASS] Using latest passbolt version (3.5.0).
>  [PASS] Passbolt is configured to force SSL use.
>  [PASS] App.fullBaseUrl is set to HTTPS.
>  [PASS] Selenium API endpoints are disabled.
>  [PASS] Search engine robots are told not to index content.
>  [PASS] Registration is closed, only administrators can add users.
>  [PASS] Serving the compiled version of the javascript app
>  [PASS] All email notifications will be sent.
> 
>  JWT Authentication
> 
>  [PASS] The JWT Authentication plugin is enabled
>  [PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
>  [FAIL] A valid JWT key pair is missing
>  [HELP] Run the create JWT keys script to create a valid JWT secret and public key pair:
>  [HELP] sudo su -s /bin/bash -c "/var/www/passbolt/bin/cake passbolt create_jwt_keys" www-data
> 
>  [FAIL] 6 error(s) found. Hang in there!
> 
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
>  Cleanup shell (dry-run)
> -------------------------------------------------------------------------------
> No issue found, data looks squeaky clean!
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
> Data check shell
> [PASS] Data integrity for AuthenticationTokens.
>   [PASS] Can validate: 1/1
> [PASS] Data integrity for Comments.
>   [PASS] Can validate: 0/0
> [PASS] Data integrity for Favorites.
>   [PASS] Can validate: 0/0
> [FAIL] Data integrity for Gpgkeys.
>   [FAIL] Can encrypt: 0/1
>     [FAIL] Failed to encrypt with key 477356298078AF89487EC47B40EED186AB4CEA9A. Could not import the user OpenPGP key.
>   [PASS] Can validate: 1/1
>   [PASS] Is not expired: 1/1
>   [PASS] Is armored key format valid: 1/1
>   [PASS] Is email unique: 1/1
> [PASS] Data integrity for Groups.
>   [PASS] Can validate: 0/0
> [PASS] Data integrity for Profiles.
>   [PASS] Can validate: 1/1
> [PASS] Data integrity for Resources.
>   [PASS] Can validate: 0/0
> [PASS] Data integrity for Secrets.
>   [PASS] Can validate: 0/0
> [PASS] Data integrity for Users.
>   [PASS] Can validate: 1/1
> 2022-04-22 14:19:30 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:19:30 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:19:31 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:19:31 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:09 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:09 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:10 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:10 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:28 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:28 Warning: Warning (512): SplFileInfo::openFile(/var/www/passbolt/tmp/cache/models/myapp_cake_model_default_roles): failed to open stream: Permission denied in [/var/www/passbolt/vendor/cake                             php/cakephp/src/Cache/Engine/FileEngine.php, line 387]
> 2022-04-22 14:28:29 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-22 14:34:41 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-22 14:34:51 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 06:20:46 Error: [Authentication\Authenticator\UnauthenticatedException] Authentication is required to continue in /var/www/passbolt/vendor/cakephp/authentication/src/Controller/Component/Authentica                             tionComponent.php on line 177
> Request URL: /auth/is-authenticated.json
> Client IP: 192.168.133.71
> 
> 
> 2022-04-25 08:01:36 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:19:34 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:19:34 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:19:45 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:31:33 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:31:39 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:31:50 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:31:56 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:32:42 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:35:05 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:35:11 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:35:51 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:35:57 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/login.json?api-version=v2
> Client IP: 192.168.133.77
> 
> 
> 2022-04-25 08:38:56 Error: [Cake\Http\Exception\InternalErrorException] The authentication failed. in /var/www/passbolt/src/Controller/Auth/AuthLoginController.php on line 93
> Request URL: /auth/verify.json?api-version=v2
> Client IP: 192.168.133.77

Thanks for the report, you should drop your server and re-install following the official documentation: Passbolt Help | Install Passbolt CE on Ubuntu 20.04

I and others have already put comments to this LinuxBabe blog article to not follow it.
You have executed some commands as root user and made passbolt unusuable because of this (passbolt tmp and gnupg folders have file ownership issues).

If you can’t or don’t want restart your setup from the beginning, you can manually fix rights:

sudo chown -R www-data:www-data /var/www/passbolt
sudo chown -R www-data:www-data /var/www/.gnupg

Then post here the result of the passbolt healthcheck only:

sudo /var/www/passbolt/bin/healthcheck

It should work after the chown commands. But you maybe will have issues on next updates.

Another thought:

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[FAIL] A valid JWT key pair is missing

You won’t be able to use the mobile app without these JWT key. They are automatically created with the package installation. With the installation from source, you have to create them manually: Passbolt Help | How to generate JWT key pair manually

Best regards,

1 Like

I think I made a mistake when creating the gpg key, can you help with that pleaseeee?

Here is the healthcheck:

>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
> Running baseline checks, please wait...
> Could not use key 59CE886E3B450DF5A03BAE1D668C5BF931F2E905 for signing. get_key failed
> Please run ./bin/cake passbolt healthcheck for more information and help.
> scugnin@IHUS-PASSBOLT:/var/www/passbolt$ sudo /var/www/passbolt/bin/healthcheck
> 
>      ____                  __          ____
>     / __ \____  _____ ____/ /_  ____  / / /_
>    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
>   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
>  /_/    \__,_/____/____/_.___/\____/_/\__/
> 
>  Open source password manager for teams
> -------------------------------------------------------------------------------
>  Healthcheck shell
> -------------------------------------------------------------------------------
> 
>  Environment
> 
>  [PASS] PHP version 7.4.3.
>  [PASS] PCRE compiled with unicode support.
>  [PASS] The temporary directory and its content are writable and not executable.
>  [PASS] The logs directory and its content are writable.
>  [PASS] GD or Imagick extension is installed.
>  [PASS] Intl extension is installed.
>  [PASS] Mbstring extension is installed.
> 
>  Config files
> 
>  [PASS] The application config file is present
>  [PASS] The passbolt config file is present
> 
>  Core config
> 
>  [FAIL] Debug mode is on.
>  [HELP] Set debug = false; in config/passbolt.php
>  [PASS] Cache is working.
>  [PASS] Unique value set for security.salt
>  [PASS] Full base url is set to https://passbolt.ihu-strasbourg.eu
>  [PASS] App.fullBaseUrl validation OK.
>  [PASS] /healthcheck/status is reachable.
> 
>  SSL Certificate
> 
>  [PASS] SSL peer certificate validates
>  [PASS] Hostname is matching in SSL certificate.
>  [PASS] Not using a self-signed certificate
> 
>  Database
> 
>  [PASS] The application is able to connect to the database
>  [PASS] 26 tables found
>  [PASS] Some default content is present
>  [PASS] The database schema up to date.
> 
>  GPG Configuration
> 
>  [PASS] PHP GPG Module is installed and loaded.
>  [FAIL] The environment variable GNUPGHOME is set to /var/www/.gnupg, but the directory does not exist.
>  [HELP] Ensure the keyring location exists and is accessible by the webserver user.
>  [HELP] you can try:
>  [HELP] sudo mkdir /var/www/.gnupg
>  [HELP] sudo chown -R www-data:www-data /var/www/.gnupg
>  [HELP] sudo chmod 700 /var/www/.gnupg
>  [HELP] You can change the location of the keyring by editing the GPG.env.setenv and GPG.env.home variables in config/passbolt.php.
>  [PASS] The server OpenPGP key is not the default one
>  [PASS] The public key file is defined in config/passbolt.php and readable.
>  [PASS] The private key file is defined in config/passbolt.php and readable.
>  [FAIL] The server key fingerprint doesn't match the one defined in config/passbolt.php.
>  [HELP] Double check the key fingerprint, example:
>  [HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/.gnupg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
>  [HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
>  [HELP] See. https://www.passbolt.com/help/tech/install#toc_gpg
>  [FAIL] The server public key defined in the config/passbolt.php (or environment variables) is not in the keyring
>  [HELP] Import the private server key in the keyring of the webserver user.
>  [HELP] you can try:
>  [HELP] sudo su -s /bin/bash -c "gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" www-data
>  [PASS] There is a valid email id defined for the server key.
> 
>  Application configuration
> 
>  [PASS] Using latest passbolt version (3.5.0).
>  [PASS] Passbolt is configured to force SSL use.
>  [PASS] App.fullBaseUrl is set to HTTPS.
>  [PASS] Selenium API endpoints are disabled.
>  [PASS] Search engine robots are told not to index content.
>  [PASS] Registration is closed, only administrators can add users.
>  [PASS] Serving the compiled version of the javascript app
>  [PASS] All email notifications will be sent.
> 
>  JWT Authentication
> 
>  [PASS] The JWT Authentication plugin is enabled
>  [PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
>  [PASS] A valid JWT key pair was found
> 
>  [FAIL] 4 error(s) found. Hang in there!

Best regards,

I fixed it,

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 Environment

 [PASS] PHP version 7.4.3.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [FAIL] Debug mode is on.
 [HELP] Set debug = false; in config/passbolt.php
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.ihu-strasbourg.eu
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [PASS] SSL peer certificate validates
 [PASS] Hostname is matching in SSL certificate.
 [PASS] Not using a self-signed certificate

 Database

 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/www/.gnupg.
 [PASS] The directory /var/www/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 Application configuration

 [PASS] Using latest passbolt version (3.5.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [PASS] The JWT Authentication plugin is enabled
 [PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
 [PASS] A valid JWT key pair was found

I will look for the JWT.
Thanks for your help.

1 Like

You’re welcome, but if you start with problems on a “from-source” installation, more problems you will have when you will update passbolt.

The from-source installation is more for operating systems without an available passbolt package such as FreeBSD. There is no reason to don’t use the package on Ubuntu.

Cheers,

Ok thanks for the advice.

You can close the topic.

Best regards.