Checklist
[ +] I have read intro post: About the Installation Issues category
[ +] I have read the tutorials, help and searched for similar issues
[ +] I provide relevant information about my server (component names and versions, etc.)
[ +] I provide a copy of my logs and healthcheck
[ +] I describe the steps I have taken to troubleshoot the problem
[ +] I describe the steps on how to reproduce the issue
Hi, everyone!
I’m trying to deploy passbolt on my cluster. Unfortunately, I’ve hit an unsolvable error.
I’m using K3s with cert-manager.
Here are my configuration files (I masked my domain with domain).
My values.yaml:
redisDependencyEnabled: false
redis:
auth:
password: my_redis_password
mariadb:
auth:
password: my_mariadb_password
primary:
persistence:
storageClass: openebs-hostpath
secondary:
persistence:
storageClass: openebs-hostpath
passboltEnv:
plain:
APP_FULL_BASE_URL: https://passbolt.domain.net
PASSBOLT_SSL_FORCE: true
secret:
CACHE_CAKE_DEFAULT_PASSWORD: my_redis_password
DATASOURCES_DEFAULT_PASSWORD: my_mariadb_password
app:
# -- Configure pasbolt deployment init container that waits for database
databaseInitContainer:
# -- Toggle pasbolt deployment init container that waits for database
enabled: false
# Allowed options: mariadb, mysql or postgresql
database:
kind: mariadb
cache:
# Use CACHE_CAKE_DEFAULT_* variables to configure the connection to redis instance
# on the passboltEnv configuration section
redis:
# -- By enabling redis the chart will mount a configuration file on /etc/passbolt/app.php
# That instructs passbolt to store sessions on redis and to use it as a general cache.
enabled: false
sentinelProxy:
# -- Inject a haproxy sidecar container configured as a proxy to redis sentinel
# Make sure that CACHE_CAKE_DEFAULT_SERVER is set to '127.0.0.1' to use the proxy
enabled: false
cronJobEmail:
enabled: false
schedule: "* * * * *"
extraPodLabels: {}
# -- Configure passbolt container livenessProbe
livenessProbe:
httpGet:
port: https
scheme: HTTPS
path: /healthcheck/status.json
httpHeaders:
- name: Host
value: my-passbolt.passbolt.svc.cluster.local
initialDelaySeconds: 20
periodSeconds: 10
# -- Configure passbolt container RadinessProbe
readinessProbe:
httpGet:
port: https
scheme: HTTPS
httpHeaders:
- name: Host
value: my-passbolt.passbolt.svc.cluster.local
path: /healthcheck/status.json
initialDelaySeconds: 5
periodSeconds: 10
tls:
# -- Generates a secret with a self-signed cerfificate that is injected on ingress and passbolt container
autogenerate: false
# -- Name of an existing kubernetes secret that contains a SSL certificate to inject on ingress and passbolt container
existingSecret: passbolt-cert-secret
ingress:
# -- Enable passbolt ingress
enabled: true
# -- Configure passbolt ingress annotations
annotations: {}
# -- Configure passbolt ingress hosts
hosts:
- host: passbolt.domain.net
paths:
- path: /
pathType: ImplementationSpecific
# -- Configure passbolt ingress tls
tls:
# If secretname is not empty, the tls entry will use it, otherwise will
# have a default name based on the release
- secretName: passbolt-cert-secret
hosts:
- passbolt.domain.net
My certificate.yaml:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: passbolt-cert-secret
  namespace: passbolt
spec:
  secretName: passbolt-cert-secret
  subject:
    organizations:
      - domain.net
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  usages:
    - digital signature
    - key encipherment
  dnsNames:
    - passbolt.domain.net
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer
    group: cert-manager.io
The certificate is ready and a secret is created.
When I go to any browser and make a request to https://passbolt.domain.net, I get Internal Server Error, and the logs show this error:
2024/04/04 23:00:06 [info] 184#184: *8 SSL_do_handshake() failed (SSL: error:0A000412:SSL routines::sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
Could you please tell me what I did wrong?
Full logs:
2024-04-05 00:07:18,511 INFO reaped unknown pid 2777 (exit status 0)
2024-04-05 00:07:18,511 INFO reaped unknown pid 2778 (exit status 0)
2024-04-05 00:07:18,511 INFO reaped unknown pid 2781 (exit status 0)
2024-04-05 00:07:18,511 INFO reaped unknown pid 2782 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:07:18 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
10.42.0.1 - - [05/Apr/2024:00:07:28 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024-04-05 00:07:28,490 INFO reaped unknown pid 2788 (exit status 0)
2024-04-05 00:07:28,490 INFO reaped unknown pid 2787 (exit status 0)
2024-04-05 00:07:28,491 INFO reaped unknown pid 2791 (exit status 0)
2024-04-05 00:07:28,491 INFO reaped unknown pid 2792 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:07:28 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024-04-05 00:07:38,499 INFO reaped unknown pid 2798 (exit status 0)
2024-04-05 00:07:38,499 INFO reaped unknown pid 2797 (exit status 0)
2024-04-05 00:07:38,499 INFO reaped unknown pid 2801 (exit status 0)
2024-04-05 00:07:38,499 INFO reaped unknown pid 2802 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:07:38 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
10.42.0.1 - - [05/Apr/2024:00:07:38 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
10.42.0.1 - - [05/Apr/2024:00:07:48 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024-04-05 00:07:48,499 INFO reaped unknown pid 2808 (exit status 0)
2024-04-05 00:07:48,499 INFO reaped unknown pid 2807 (exit status 0)
2024-04-05 00:07:48,499 INFO reaped unknown pid 2811 (exit status 0)
2024-04-05 00:07:48,499 INFO reaped unknown pid 2812 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:07:48 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
10.42.0.1 - - [05/Apr/2024:00:07:58 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024-04-05 00:07:58,501 INFO reaped unknown pid 2817 (exit status 0)
2024-04-05 00:07:58,501 INFO reaped unknown pid 2818 (exit status 0)
2024-04-05 00:07:58,501 INFO reaped unknown pid 2821 (exit status 0)
2024-04-05 00:07:58,501 INFO reaped unknown pid 2822 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:07:58 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
10.42.0.1 - - [05/Apr/2024:00:08:08 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024-04-05 00:08:08,494 INFO reaped unknown pid 2826 (exit status 0)
2024-04-05 00:08:08,494 INFO reaped unknown pid 2828 (exit status 0)
2024-04-05 00:08:08,494 INFO reaped unknown pid 2831 (exit status 0)
2024-04-05 00:08:08,494 INFO reaped unknown pid 2832 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:08:08 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
10.42.0.1 - - [05/Apr/2024:00:08:18 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024-04-05 00:08:18,498 INFO reaped unknown pid 2837 (exit status 0)
2024-04-05 00:08:18,498 INFO reaped unknown pid 2838 (exit status 0)
2024-04-05 00:08:18,498 INFO reaped unknown pid 2842 (exit status 0)
2024-04-05 00:08:18,498 INFO reaped unknown pid 2841 (exit status 0)
10.42.0.1 - - [05/Apr/2024:00:08:18 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
2024/04/05 00:08:22 [info] 181#181: *1057 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:22 [info] 181#181: *1058 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:23 [info] 181#181: *1059 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:23 [info] 181#181: *1060 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:23 [info] 181#181: *1061 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:23 [info] 181#181: *1062 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:23 [info] 181#181: *1063 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:23 [info] 181#181: *1064 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
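
Added example, not part of the original post: the two error codes in the logs above (0A000412 and 14094412) are the same OpenSSL error in the 3.x and 1.1.1 packings, and decoding them shows a TLS alert that nginx received from the peer at 10.42.0.34 rather than one it raised itself. The sample lines are copied from the post's logs; the function names `decode` and `peer_alerts` are illustrative.

```python
import re
from collections import Counter

# Sample input: two error lines and one probe line copied from the post's logs.
SAMPLE = """\
2024/04/04 23:00:06 [info] 184#184: *8 SSL_do_handshake() failed (SSL: error:0A000412:SSL routines::sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
2024/04/05 00:08:22 [info] 181#181: *1057 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking, client: 10.42.0.34, server: 0.0.0.0:443
10.42.0.1 - - [05/Apr/2024:00:08:18 +0000] "GET /healthcheck/status.json HTTP/2.0" 200 220 "-" "kube-probe/1.28"
"""

# Captures: packed error code, function name (empty on OpenSSL 3.x), client address.
LINE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):"
    r".*?client: ([0-9a-fA-F.:]+), server:"
)
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number when the peer sent the alert
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

def decode(code_hex, func_name):
    """Split a packed OpenSSL error code into (lib, reason)."""
    code = int(code_hex, 16)
    if func_name == "":                       # OpenSSL 3.x: lib << 23 | reason
        return (code >> 23) & 0xFF, code & 0x7FFFFF
    return (code >> 24) & 0xFF, code & 0xFFF  # OpenSSL 1.1.1: lib | func | reason

def peer_alerts(log_text):
    """Count TLS alerts received from each client, keyed by (client, alert name)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # access-log and supervisor lines are skipped
        lib, reason = decode(m.group(1), m.group(2))
        alert = reason - SSL_AD_REASON_OFFSET
        if lib == ERR_LIB_SSL and 0 <= alert <= 255:
            counts[(m.group(3), ALERTS.get(alert, f"alert_{alert}"))] += 1
    return counts

if __name__ == "__main__":
    for (client, name), n in peer_alerts(SAMPLE).items():
        print(f"{client} sent {name} x{n}")
```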