Passbolt stopped working while away

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.):
Raspberry Pi server, running Linux 5.10.103-v71+
[x] I provide a copy of my logs and healthcheck: will provide in next post
[x] I describe the steps I have taken to troubleshoot the problem: will describe in next post
[-] I describe the steps on how to reproduce the issue: not sure how to reproduce the problem

Healthcheck:

Open source password manager for teams

Healthcheck shell

Environment

[PASS] PHP version 8.3.1.
[PASS] PHP version is 8.1 or above.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://192.168.188.34
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in /etc/passbolt/passbolt.php
[HELP] Check the network settings

SSL Certificate

[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 31 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.4.2).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[WARN] The deprecated self registration public setting was found in /etc/passbolt/passbolt.php.
[HELP] You may remove the “passbolt.registration.public” setting.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.

[FAIL] 1 error(s) found. Hang in there!

Problem Description:

The last time I used Passbolt was the 7 Jan. 2024. Everything looked normal.
Then I went on a vacation until yesterday. When I arrived, the server had stopped responding.
The extension says “An internal error occurred. The server response could not be parsed. Please contact your administrator.”.
When I try the web view, I get a blank page (no text at all), and the network analyzer of Mozilla Firefox also gives me HTTP error code 500 without any additional information.

My assumption was that nginx had stopped working, so I restarted it, but it didn't help. I then thought it was a configuration “mess-up” because of the healthcheck, so I tried ‘https://localhost’ as the base URI in /etc/passbolt/passbolt.php.
It didn't help either.

Please help. I grew an addiction for this beautiful piece of software :smiley:

Hello @duSa !

To investigate that problem, it would be nice to have a view of the logs you have. This problem could come from many issues, which is why it’s hard to know without more insight.

But before, using https://localhost should not work in the base uri, it should match the URL you have to use as a user to access your Passbolt instance.

I see that you’re using a local network IP address and this is not reachable by your server which is quite surprising honestly.

It could be that the IP address of your server changed (could be due to a reboot somehow) and it doesn’t match anymore.
I suppose you have a router and you might need to configure it to fix the IP address of your Raspberry if it’s not the case already.

To find more logs on your server, please check the following page Passbolt Help | How can I check logs on my server?. In it you can find a section Server logs you can follow (the status-report section can be helpful too).

I would suggest first to try to see if the IP address of your server changed and if it’s the one expected then to share the logs of your server if possible.

Hope it helps.

Hello @Steph,

I am sorry for such a late answer. I was sick the last two weeks.
I solved the problem by routing to HTTP. Too bad that an HTTP 500 error code comes when a TLS problem occurs. The certificate was outdated, or a recent update prevents nginx/Passbolt from using self-signed certificates.

Problem solved the following way:
I simply changed the https://192… to http://192… in the config file. Then I was able to connect to the server via web browser. Then I reinstalled all add-ons on all machines and did an account recovery of all users.

For the logs:
I have an image of the (broken) Passbolt server. I could make an image of the current (working) server and go back in time using the (broken) image, so I can give you the logs. The healthcheck is displayed above.
If you wish so, please give me a list of files that I should send you, because I must do that on the weekend, when the server is not being used. I must revert the current (working) server to life before a working day starts in my company.

Thank you very much for your Help.

Hey @saDu888 :wave: !

Don’t worry for that. I hope you feel better now.

Regarding the issue with Passbolt, I’m quite surprised you get a 500 for an SSL issue. Your Passbolt server is probably not crashing for that I think. Yes, the healthcheck does verify the SSL configuration but it’s not directly managed by the Passbolt API itself, the certificate is used by the nginx server provided during the installation of Passbolt (you might have something else than nginx if you customised your setup).

What does your network look like? Do you have any proxy, or did you update your nginx etc.?
I suspect that there is some sort of intermediate server between your Passbolt API and your browser extension that produces that 500.

So, first of all, when you received your 500 error message, was this page the default nginx 500 page (or apache depending on your config) or was it a Passbolt API page or something else?

I am getting better. Thank you.

The Passbolt server is simply a Raspberry Pi on my local network, although I have merged two Internet connections into one. I did that with the famous Fritzbox in Germany.
I did not update nginx manually, but I have a cron job to update and upgrade the RPi. Maybe nginx was updated that way.
The 500 error message was a blank page. I opened the network analyzer of Firefox to see what was being returned by Passbolt. Like I mentioned, the 500 was just in the header, without any other content.
I also remember that I was able to get the default Apache page when I made a GET to the root URL (https://192.168.168.34 without the /api/password).

Hope that helps. As I reevaluate this issue, I think I need a better solution than the current fix of using HTTP, because if someone were to sniff my network, he would get the plain data. Even when the passwords are being decrypted in my browser, I do not like the idea that someone can know on which sites I have accounts. Are there maybe more security issues with HTTP on a local network that I am not aware of?

I should think about a long-life solution for this issue…
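
Added example (not part of the thread or of Passbolt's tooling): the two certificate conditions raised here, an out-of-date certificate and the healthcheck's hostname-mismatch warning for an IP-based App.fullBaseUrl, can be checked offline with openssl. The function names and the 30-day window are assumptions, and the certificates are throwaway test data generated by the script itself.

```shell
#!/bin/sh
# Added example. Every certificate below is constructed test data.
IP=192.168.188.34   # address from App.fullBaseUrl in the healthcheck
WINDOW=2592000      # 30 days in seconds (arbitrary warning window)

# make_cert OUT DAYS [SAN]: write a throwaway self-signed certificate.
make_cert() {
    if [ -n "$3" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
            -days "$2" -subj "/CN=passbolt-test" \
            -addext "subjectAltName=$3" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
            -days "$2" -subj "/CN=passbolt-test" 2>/dev/null
    fi
}

# cert_expires_within FILE SECONDS: succeeds if FILE is expired, unreadable,
# or will expire within SECONDS (openssl -checkend exits non-zero then).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# cert_covers_ip FILE IP: succeeds only if IP is listed as a
# subjectAltName; the CN is not consulted for IP addresses.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# report FILE: one-line summary of both checks for FILE.
report() {
    if cert_expires_within "$1" "$WINDOW"; then exp="expires within 30 days"
    else exp="validity ok"; fi
    if cert_covers_ip "$1" "$IP"; then san="covers $IP"
    else san="does not cover $IP"; fi
    echo "$(basename "$1"): $exp; $san"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_cert "$WORK/short.pem" 1 "IP:$IP"     # right SAN, about to expire
make_cert "$WORK/nosan.pem" 365 ""         # long-lived, no SAN at all
report "$WORK/short.pem"
report "$WORK/nosan.pem"
```

To check a live instance, pass `report` the certificate file that the web server is configured to serve.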

Regarding the error 500, you can have a look at the log files for both the nginx server and the Passbolt server.

They should be located in:
/var/log/nginx
/var/log/passbolt

In both folders you should find files named error.log and access.log. Could you share all 4 files, please, so we can have a look and better understand where the problem is located?

Hi.
Sorry that so much time has passed since my last reply.

In the location var/log/passbolt there is only error.log to be seen. error.log.1 is also in there. Both are empty.

In the location /var/log/nginx/ the following are to be seen:
error.log
error.log.1
access.log
passbolt-access.log
passbolt-access.log.1
passbolt-error.log
passbolt-error.log.1
All the logs without the prefix “passbolt-” are empty. The logs without the suffix “.1” are from today, and those with this suffix are from yesterday. There are also some zipped files, probably some old log files. I will search through these and post later which log files I found from 15 Jan. 2024.

The compressed files are old logs, but they only go 14 days into the past. I must reconstruct the old image that I have saved, and for that I must shut the server down.
I can shut the server down only on weekends. I will try my best to do this soon.

Thanks again for the support.