Passbolt SSL error

Checklist
[:heavy_check_mark:] I have read intro post: About the Installation Issues category
[:heavy_check_mark:] I have read the tutorials, help and searched for similar issues
[:heavy_check_mark:] I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi, I have installed Passbolt on DigitalOcean using the Passbolt image on DigitalOcean. I'm running the latest version available, and each time I enable SSL on the server (yes, I deleted and remade multiple droplets to check if I had messed up the config), I cannot view the webpage and I get the following error.

I have checked that the fullBaseUrl is correct, has HTTPS instead of HTTP, and is the correct URL (yes, it has HTTPS). I am using my own domain (yes, it has been set in the nginx config as per the documentation). Also, I'm using Cloudflare as my DNS. I don't know if I made a mistake there, but I have seen others do it in tutorials and it worked just fine for them.

I will provide as much information as I can as soon as I can, right now I’m very tired of trying to troubleshoot this mess.

EDIT: When using HTTP and not HTTPS it works fine: the webpage loads and connections can be made.

After re-installing Passbolt and the SSL cert as per the Passbolt docs using Let's Encrypt, I took a look at the Let's Encrypt logs, /etc/log/letsencrypt/letsencrypt.log

Taking a look, I saw that Nginx is being told to respond with a 301 if the host is equal to the domain. Does anybody know why this is the case?

Log File Output.

```nginx
#
#  Passbolt.conf - Nginx configuration file to run the Passbolt software.
#

server {

  # Managed by Passbolt
  server_name <My domain name>;

  client_body_buffer_size     100K;
  client_header_buffer_size   1K;
  client_max_body_size        5M;

  client_body_timeout   10;
  client_header_timeout 10;
  keepalive_timeout     5 5;
  send_timeout          10;

  root /usr/share/php/passbolt/webroot;
  index index.php;
  error_log /var/log/nginx/passbolt-error.log info;
  access_log /var/log/nginx/passbolt-access.log;

  # Managed by Passbolt
  # include __PASSBOLT_SSL__

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files                $uri =404;
    include                  fastcgi_params;
    fastcgi_pass             unix:/run/php/php8.1-fpm.sock;
    fastcgi_index            index.php;
    fastcgi_intercept_errors on;
    fastcgi_split_path_info  ^(.+\.php)(.+)$;
    fastcgi_param            SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param            SERVER_NAME $http_host;
    fastcgi_param PHP_VALUE  "upload_max_filesize=5M \n post_max_size=5M";
  }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<My domain name>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<My domain name>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = <My domain name>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

  listen 80;
  listen [::]:80;
  server_name <My domain name>;
    return 404; # managed by Certbot

}
```

At the very end, you can see a server block pointing the domain to a 301?

I have no clue how I managed to make it work but I did.

Troubleshooting that eventually led to success:

  1. Make sure that the server is accessible over IP, as in you can visit https://<SERVER_IP> and check if the SSL cert assigned to your domain is there and your browser can see it. Your browser might yell at you saying that the SSL certificate cannot be trusted, as it was assigned to your domain and not the IP. This is what we want; this is good.

  2. Make sure that the fullBaseUrl is set to your domain, as in https://your-domain.tld. This is the file that has the fullBaseUrl: /etc/passbolt/passbolt.php. Take a look to confirm, and ONLY edit the fullBaseUrl; DO NOT touch anything else.

  3. If you still get the same error as before, try re-loading the nginx config a few times. You can use this command: `sudo systemctl reload nginx`

EDIT: If you're using Cloudflare, try disabling the proxy on Cloudflare and try
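
Steps 1 and 2 above can be checked together with a short script. This is an added example, not part of the original post: it connects to the server by IP while sending the domain as SNI, then compares the certificate's names against the host in fullBaseUrl. The names `passbolt.example.com` and `203.0.113.10`, the sample certificate, and all function names are assumptions made for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample in the shape returned by SSLSocket.getpeercert();
# passbolt.example.com and 203.0.113.10 are placeholders.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "passbolt.example.com"),),
    "notAfter": "Mar  1 00:00:00 2030 GMT",
}

def fetch_origin_cert(server_ip, domain, port=443, timeout=5):
    """Connect straight to the server IP (bypassing any proxy), send the
    domain as SNI, and return the validated certificate as a dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared in check_setup() instead
    with socket.create_connection((server_ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_setup(full_base_url, cert, now):
    """Return a list of problems; an empty list means steps 1 and 2 agree."""
    problems = []
    url = urlsplit(full_base_url)
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("fullBaseUrl is not https")
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append(f"certificate does not cover {host!r}")
    if ssl.cert_time_to_seconds(cert["notAfter"]) <= now:
        problems.append("certificate has expired")
    return problems

if __name__ == "__main__":
    import time
    print(check_setup("https://passbolt.example.com", SAMPLE_CERT, time.time()))
```

On a real server, pass the result of `fetch_origin_cert("<SERVER_IP>", "your-domain.tld")` as `cert`. Checking a fullBaseUrl that uses the bare IP reports a name mismatch, which is the same condition behind the browser warning described in step 1.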