Problem after migration to new server: "We sent you a link to verify your email"

Hi all,

i’m facing a problem after migrating on a different machine. Here’s the details:

  1. I Installed passbolt API from source
  2. I’m using Apache and not Nginx
  3. I followed migration passbolt instruction: copied all files, imported keys and sql dump.

Executing healthcheck non particular error, only some warnings. Executed cleanup and datacheck. No errors.

When i open passbolt portal:

  • ogged in with my user (not administrator)

  • message “We sent you a link to verify your emai”

  • Ask me a key:

I expected to be able to access the passbolt portal with my user account without any particular problems, check or similar. Why does this verification procedure start and ask me for a key? I cannot figure out where I can possibly retrieve this key (for that particular user, that is not administrator). The users on the database are regularly present and there do not seem to be any apparent inconsistencies in the data.

Others details:
previous versions of php and passbolt (old server): php 7.4; passbolt 3.1.0
current versions of php and passbolt (new server): php 8.0; passbolt 4.2.0 (latest)

Can you help me?

Here’s healthcheck details:

/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/ _

Open source password manager for teams

Healthcheck shell


[PASS] PHP version 8.0.27.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[WARN] SSL peer certificate does not validate
[WARN] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check Passbolt Help | Troubleshoot SSL
[HELP] cURL Error (60) SSL certificate problem: self-signed certificate in certificate chain


[PASS] The application is able to connect to the database
[PASS] 32 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /usr/share/httpd/.gnupg.
[PASS] The directory /usr/share/httpd/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The private key file is defined in /var/www/passbolt/config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /var/www/passbolt/config/passbolt.php.
[PASS] The server public key defined in the /var/www/passbolt/config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.

Application configuration

[PASS] Using latest passbolt version (4.2.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /var/www/passbolt/config/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set to true in /var/www/passbolt/config/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.

JWT Authentication

[PASS] The JWT Authentication plugin is enabled
[PASS] The /var/www/passbolt/config/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found

SMTP Settings

[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Or set to true in /var/www/passbolt/config/passbolt.php.

[PASS] No error found. Nice one sparky!


Another detail: with that user, on the old server, i use a Passphrase and not a key.

Hey @frenkell welcome to the forum!

What you are describing is expected here. When you sign in on either a new device or when connecting to a different URL you’ll be asked for this key.

When you originally set up your account you would have downloaded a recovery kit, this is what this is asking for. Do you recall where you have that saved?

Thanks Clayton!

it’s just what i needed to know. I was afraid it was some kind of configuration problem. So I’ll find the recovery kit!