Rocky Linux Setup - The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again

Installation Issues
1

Hi all, I was setup Passbolt at VMWare virtual instance in to Rocky Linux 8.

Fresh install from scratch, everything goes well on the setup process, but when I want to invite someone, the emails does not goes out.

Im using the option other, to use my internal SMTP Gateway, with out password and plain over the port 25 no TLS, no SSL, old school no cares.

When I wants go to the email setup, it show me the next msg

The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again.

Some one knows what I must to do to fix it ?

Previously I was used Passbolt on AWS, but for lucky the AMI runs fine there, and I never needed do any troubleshoot :slight_smile:

When you must choose the name of the host for the web certificate,I was choose the IP address, and when ask to me for the method of renewal about the cert I put none (I not have publish on internet the server, so how will be for internal purpose and test initialy, I choose http over httpS )

Thanks a lot in advance

Rocky linux OS
Fresh install from scratch
VMWare ESXi instance
All the options across the setup was goes well with no error

2

Hello,

Same problem on Ubuntu 22.04 since upgrade from Passbolt Pro 3.8.0 to 3.8.1.

I have already reconfigured my SMTP server on web interface since the first error.

Regards,

1 Like
3

You fix it ? or how you fix these issue ? the problem es no email goes out from Passbolt with these error !! :frowning:

4

Also see this Passbolt Help | Why are my emails not being sent?

@rtoriel Did you reconfigure the SMTP settings in the UI yet? It’s a new section for admin users.

5

Hello @rtoriel,

This issue could happen if the server key have been rotated, which is probably not your case here as it’s a fresh install.

Could you confirm:

  • you are running a v3.8.1, this last version ships with bug fixes regarding the new plugin SMTP settings.
  • you are not able to reconfigure SMTP settings via the administration settings http://your-passbolt-domain/app/administration/smtp-settings. If it’s the case, could you provide with your passbolt error log, usually in /var/log/passbolt/error.log.

The healthcheck of your instance will also be helpful to understand the issue, you can obtain it running the following command:
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=youremail@domain.com"

On rocky the nginx user might be nginx.

6

Nop, when I want to do that, show me the error that I posted here. ( Im an admin user )

7

Yes I confirm that I’m using the last version fresh install 10hs before I posted here, installed from here

Send Test Email

e[3Je[He[2Je]0;root@svr-passbolt:~a[root@svr-passbolt ~]# clearsudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=rtoriel@ycc.com.ar"

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Debug email shell
-------------------------------------------------------------------------------
e[36mEmail configuratione[0m
-------------------------------------------------------------------------------
Host: 192.168.11.11
Port: 25
Username: 
Password: *********
TLS: false
Sending email from: Passbolt Server <passbolt@ycc.com.ar>
Sending email to: rtoriel@ycc.com.ar
-------------------------------------------------------------------------------
e[36mTracee[0m
[220] svr-emailgw.ycc.lan ESMTP Postfix
e[36m EHLO localhoste[0m
[250] svr-emailgw.ycc.lan
[250] PIPELINING
[250] SIZE 133169152
[250] ETRN
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
[250] 8BITMIME
[250] DSN
[250] SMTPUTF8
[250] CHUNKING
e[36m MAIL FROM:<passbolt@ycc.com.ar>e[0m
[250] 2.1.0 Ok
e[36m RCPT TO:<rtoriel@ycc.com.ar>e[0m
[250] 2.1.5 Ok
e[36m DATAe[0m
[354] End data with <CR><LF>.<CR><LF>
e[36m From: Passbolt Server <passbolt@ycc.com.ar>

To: rtoriel@ycc.com.ar

Date: Tue, 22 Nov 2022 00:11:45 +0000

Message-ID: <72038d97abc9490f8e3ca2fe2fad2afd@svr-passbolt>

Subject: Passbolt test email

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit



Congratulations!

If you receive this email, it means that your passbolt smtp configuration is working fine.









.e[0m
[250] 2.0.0 Ok: queued as 4NGLPS3z3RzCS4B
e[36m QUITe[0m
e[32mThe message has been successfully sent!e[0m
e]0;root@svr-passbolt:~a[root@svr-passbolt ~]#

Passbolt error log

2022-11-22 00:03:26 warning: Warning (2): file_get_contents(/etc/passbolt/gpg/serverkey.asc): Failed to open stream: No such file or directory in [/usr/share/php/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 456]
2022-11-22 00:03:26 warning: Warning (2): file_get_contents(/etc/passbolt/gpg/serverkey_private.asc): Failed to open stream: No such file or directory in [/usr/share/php/passbolt/src/Utility/Healthchecks/GpgHealthchecks.php, line 458]
2022-11-22 00:03:53 error: Connection to Mysql could not be established: SQLSTATE[HY000] [1130] Host 'passbolt.ycc.com.ar' is not allowed to connect to this MariaDB server
2022-11-22 00:05:00 error: [Cake\Routing\Exception\MissingRouteException] A route matching "/img/controls/chevron-down_blue.svg" could not be found. in /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/RouteCollection.php on line 197
Request URL: /img/controls/chevron-down_blue.svg
Referer URL: http://192.168.11.14/css/themes/default/api_webinstaller.min.css?v=3.8.0
Client IP: 192.168.10.250


2022-11-22 00:05:11 warning: Warning (2): Undefined array key "options" in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/templates/Config/passbolt.php, line 32]
2022-11-22 00:05:11 warning: Warning (2): Trying to access array offset on value of type null in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/templates/Config/passbolt.php, line 32]
2022-11-22 00:05:11 warning: Warning (2): Undefined array key "options" in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/templates/Config/passbolt.php, line 60]
2022-11-22 00:05:11 warning: Warning (2): Trying to access array offset on value of type null in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/templates/Config/passbolt.php, line 60]
2022-11-22 00:05:11 warning: Warning (2): Undefined array key "options" in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/templates/Config/passbolt.php, line 63]
2022-11-22 00:05:11 warning: Warning (2): Trying to access array offset on value of type null in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/templates/Config/passbolt.php, line 63]
2022-11-22 00:05:11 warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/src/Service/WebInstallerChangeConfigFolderPermissionService.php, line 52]
2022-11-22 00:05:11 warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/src/Service/WebInstallerChangeConfigFolderPermissionService.php, line 52]
2022-11-22 00:05:11 warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/src/Service/WebInstallerChangeConfigFolderPermissionService.php, line 52]
2022-11-22 00:05:11 warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/src/Service/WebInstallerChangeConfigFolderPermissionService.php, line 52]
2022-11-22 00:05:11 warning: Warning (2): chmod(): Operation not permitted in [/usr/share/php/passbolt/plugins/PassboltCe/WebInstaller/src/Service/WebInstallerChangeConfigFolderPermissionService.php, line 52]
2022-11-22 00:07:42 error: [Cake\Http\Exception\InternalErrorException] The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. La clave 3C7A09C1051607E66BA7997D697C601BE38011BF no se puede usar para desencriptar. in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 114
Request URL: /smtp/settings.json?api-version=v2
Referer URL: http://192.168.11.14/app/administration/smtp-settings
Client IP: 192.168.10.250


2022-11-22 00:07:42 error: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. La clave 3C7A09C1051607E66BA7997D697C601BE38011BF no se puede usar para desencriptar.
2022-11-22 00:07:42 error: #0 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php(79): Passbolt\SmtpSettings\Service\SmtpSettingsGetSettingsInDbService->decrypt()
#1 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php(42): Passbolt\SmtpSettings\Service\SmtpSettingsGetSettingsInDbService->readConfigInDB()
#2 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetService.php(87): Passbolt\SmtpSettings\Service\SmtpSettingsGetSettingsInDbService->getSettings()
#3 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetService.php(76): Passbolt\SmtpSettings\Service\SmtpSettingsGetService->readConfigInDb()
#4 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetService.php(57): Passbolt\SmtpSettings\Service\SmtpSettingsGetService->readConfigInDbOrFile()
#5 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Controller/SmtpSettingsGetController.php(33): Passbolt\SmtpSettings\Service\SmtpSettingsGetService->getSettings()
#6 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/Controller.php(539): Passbolt\SmtpSettings\Controller\SmtpSettingsGetController->get()
#7 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php(140): Cake\Controller\Controller->invokeAction()
#8 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php(115): Cake\Controller\ControllerFactory->handle()
#9 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/BaseApplication.php(317): Cake\Controller\ControllerFactory->invoke()
#10 /usr/share/php/passbolt/src/Application.php(131): Cake\Http\BaseApplication->handle()
#11 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(77): App\Application->handle()
#12 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/SecurityHeadersMiddleware.php(255): Cake\Http\Runner->handle()
#13 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\SecurityHeadersMiddleware->process()
#14 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php(174): Cake\Http\Runner->handle()
#15 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\CsrfProtectionMiddleware->process()
#16 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtCsrfDetectionMiddleware.php(55): Cake\Http\Runner->handle()
#17 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtCsrfDetectionMiddleware->process()
#18 /usr/share/php/passbolt/src/Middleware/GpgAuthHeadersMiddleware.php(40): Cake\Http\Runner->handle()
#19 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\GpgAuthHeadersMiddleware->process()
#20 /usr/share/php/passbolt/plugins/PassboltCe/Locale/src/Middleware/LocaleMiddleware.php(47): Cake\Http\Runner->handle()
#21 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\Locale\Middleware\LocaleMiddleware->process()
#22 /usr/share/php/passbolt/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php(124): Cake\Http\Runner->handle()
#23 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Authentication\Middleware\AuthenticationMiddleware->process()
#24 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtDestroySessionMiddleware.php(43): Cake\Http\Runner->handle()
#25 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtDestroySessionMiddleware->process()
#26 /usr/share/php/passbolt/src/Middleware/SessionAuthPreventDeletedUsersMiddleware.php(46): Cake\Http\Runner->handle()
#27 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\SessionAuthPreventDeletedUsersMiddleware->process()
#28 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php(157): Cake\Http\Runner->handle()
#29 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\BodyParserMiddleware->process()
#30 /usr/share/php/passbolt/src/Middleware/SessionPreventExtensionMiddleware.php(66): Cake\Http\Runner->handle()
#31 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\SessionPreventExtensionMiddleware->process()
#32 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtRouteFilterMiddleware.php(47): Cake\Http\Runner->handle()
#33 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtRouteFilterMiddleware->process()
#34 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtAuthDetectionMiddleware.php(58): Cake\Http\Runner->handle()
#35 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtAuthDetectionMiddleware->process()
#36 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php(161): Cake\Http\Runner->handle()
#37 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\RoutingMiddleware->process()
#38 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php(77): Cake\Http\Runner->handle()
#39 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\AssetMiddleware->process()
#40 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(126): Cake\Http\Runner->handle()
#41 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Error\Middleware\ErrorHandlerMiddleware->process()
#42 /usr/share/php/passbolt/src/Middleware/ContentSecurityPolicyMiddleware.php(39): Cake\Http\Runner->handle()
#43 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\ContentSecurityPolicyMiddleware->process()
#44 /usr/share/php/passbolt/src/Middleware/ContainerInjectorMiddleware.php(54): Cake\Http\Runner->handle()
#45 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\ContainerInjectorMiddleware->process()
#46 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(58): Cake\Http\Runner->handle()
#47 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Server.php(90): Cake\Http\Runner->run()
#48 /usr/share/php/passbolt/webroot/index.php(40): Cake\Http\Server->run()
#49 {main}
2022-11-22 00:07:48 error: [Cake\Http\Exception\InternalErrorException] The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. La clave 3C7A09C1051607E66BA7997D697C601BE38011BF no se puede usar para desencriptar. in /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php on line 114
Request URL: /smtp/settings.json?api-version=v2
Referer URL: http://192.168.11.14/app/administration/smtp-settings
Client IP: 192.168.10.250


2022-11-22 00:07:48 error: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. La clave 3C7A09C1051607E66BA7997D697C601BE38011BF no se puede usar para desencriptar.
2022-11-22 00:07:48 error: #0 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php(79): Passbolt\SmtpSettings\Service\SmtpSettingsGetSettingsInDbService->decrypt()
#1 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php(42): Passbolt\SmtpSettings\Service\SmtpSettingsGetSettingsInDbService->readConfigInDB()
#2 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetService.php(87): Passbolt\SmtpSettings\Service\SmtpSettingsGetSettingsInDbService->getSettings()
#3 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetService.php(76): Passbolt\SmtpSettings\Service\SmtpSettingsGetService->readConfigInDb()
#4 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetService.php(57): Passbolt\SmtpSettings\Service\SmtpSettingsGetService->readConfigInDbOrFile()
#5 /usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Controller/SmtpSettingsGetController.php(33): Passbolt\SmtpSettings\Service\SmtpSettingsGetService->getSettings()
#6 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/Controller.php(539): Passbolt\SmtpSettings\Controller\SmtpSettingsGetController->get()
#7 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php(140): Cake\Controller\Controller->invokeAction()
#8 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php(115): Cake\Controller\ControllerFactory->handle()
#9 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/BaseApplication.php(317): Cake\Controller\ControllerFactory->invoke()
#10 /usr/share/php/passbolt/src/Application.php(131): Cake\Http\BaseApplication->handle()
#11 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(77): App\Application->handle()
#12 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/SecurityHeadersMiddleware.php(255): Cake\Http\Runner->handle()
#13 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\SecurityHeadersMiddleware->process()
#14 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php(174): Cake\Http\Runner->handle()
#15 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\CsrfProtectionMiddleware->process()
#16 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtCsrfDetectionMiddleware.php(55): Cake\Http\Runner->handle()
#17 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtCsrfDetectionMiddleware->process()
#18 /usr/share/php/passbolt/src/Middleware/GpgAuthHeadersMiddleware.php(40): Cake\Http\Runner->handle()
#19 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\GpgAuthHeadersMiddleware->process()
#20 /usr/share/php/passbolt/plugins/PassboltCe/Locale/src/Middleware/LocaleMiddleware.php(47): Cake\Http\Runner->handle()
#21 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\Locale\Middleware\LocaleMiddleware->process()
#22 /usr/share/php/passbolt/vendor/cakephp/authentication/src/Middleware/AuthenticationMiddleware.php(124): Cake\Http\Runner->handle()
#23 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Authentication\Middleware\AuthenticationMiddleware->process()
#24 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtDestroySessionMiddleware.php(43): Cake\Http\Runner->handle()
#25 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtDestroySessionMiddleware->process()
#26 /usr/share/php/passbolt/src/Middleware/SessionAuthPreventDeletedUsersMiddleware.php(46): Cake\Http\Runner->handle()
#27 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\SessionAuthPreventDeletedUsersMiddleware->process()
#28 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php(157): Cake\Http\Runner->handle()
#29 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Http\Middleware\BodyParserMiddleware->process()
#30 /usr/share/php/passbolt/src/Middleware/SessionPreventExtensionMiddleware.php(66): Cake\Http\Runner->handle()
#31 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\SessionPreventExtensionMiddleware->process()
#32 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtRouteFilterMiddleware.php(47): Cake\Http\Runner->handle()
#33 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtRouteFilterMiddleware->process()
#34 /usr/share/php/passbolt/plugins/PassboltCe/JwtAuthentication/src/Middleware/JwtAuthDetectionMiddleware.php(58): Cake\Http\Runner->handle()
#35 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Passbolt\JwtAuthentication\Middleware\JwtAuthDetectionMiddleware->process()
#36 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php(161): Cake\Http\Runner->handle()
#37 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\RoutingMiddleware->process()
#38 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php(77): Cake\Http\Runner->handle()
#39 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Routing\Middleware\AssetMiddleware->process()
#40 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php(126): Cake\Http\Runner->handle()
#41 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): Cake\Error\Middleware\ErrorHandlerMiddleware->process()
#42 /usr/share/php/passbolt/src/Middleware/ContentSecurityPolicyMiddleware.php(39): Cake\Http\Runner->handle()
#43 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\ContentSecurityPolicyMiddleware->process()
#44 /usr/share/php/passbolt/src/Middleware/ContainerInjectorMiddleware.php(54): Cake\Http\Runner->handle()
#45 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(73): App\Middleware\ContainerInjectorMiddleware->process()
#46 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Runner.php(58): Cake\Http\Runner->handle()
#47 /usr/share/php/passbolt/vendor/cakephp/cakephp/src/Http/Server.php(90): Cake\Http\Runner->run()
#48 /usr/share/php/passbolt/webroot/index.php(40): Cake\Http\Server->run()
#49 {main}

Thanks in advance

8

Hi, I must wait that some admin approve my post where I leave the log of the email test and the passbolt.log

9

@rtoriel just unblocked it for you, sorry for the delay.

10

Hey @rtoriel,

I pasted you the wrong command, but it gives us information about what could be the potential problem here. Here the proper command to get the healtcheck of you instance:
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healtcheck"

I bet there is permission issue on the server keys folder, can you check them with the following command:
ls -alh /etc/passbolt/gpg

11

Hi !

Same problem here. We upgraded this morning to the lastest version

 Open source password manager for teams
-------------------------------------------------------------------------------
Passbolt CE 3.8.1
Cakephp 4.3.7

Sometimes cronjob send me an email with a GPG error:

Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

I have updated the mail configuration, but the error is still here.

I checked the GPG file permission, everything is fine.

How can I fix this ?

12

Thats Ok, no problem, rules are rules :slight_smile:

13

healthcheck

e]0;root@svr-passbolt:/home/passbolta[root@svr-passbolt passbolt]# sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell.........         
-------------------------------------------------------------------------------

 Environment

 e[32m[PASS]e[0m PHP version 8.1.12.
 e[32m[PASS]e[0m PCRE compiled with unicode support.
 e[32m[PASS]e[0m The temporary directory and its content are writable and not executable.
 e[32m[PASS]e[0m The logs directory and its content are writable.
 e[32m[PASS]e[0m GD or Imagick extension is installed.
 e[32m[PASS]e[0m Intl extension is installed.
 e[32m[PASS]e[0m Mbstring extension is installed.

 Config files

 e[32m[PASS]e[0m The application config file is present
 e[32m[PASS]e[0m The passbolt config file is present

 Core config

 e[32m[PASS]e[0m Debug mode is off.
 e[32m[PASS]e[0m Cache is working.
 e[32m[PASS]e[0m Unique value set for security.salt
 e[32m[PASS]e[0m Full base url is set to 
 e[31m[FAIL] App.fullBaseUrl does not validate. .e[0m
 e[36m[HELP]e[0m Edit App.fullBaseUrl in config/passbolt.php
 e[36m[HELP]e[0m Select a valid domain name as defined by section 2.3.1 of http://www.ietf.org/rfc/rfc1035.txt
 e[31m[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrle[0m
 e[36m[HELP]e[0m Check that the domain name is correct in config/passbolt.php
 e[36m[HELP]e[0m Check the network settings

 SSL Certificate

 e[31m[FAIL] SSL peer certificate does not validatee[0m
 e[31m[FAIL] Hostname does not match when validating certificates.e[0m
 e[33m[WARN] Using a self-signed certificatee[0m
 e[36m[HELP]e[0m Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
 e[36m[HELP]e[0m The source URI string appears to be malformed

 Database

 e[32m[PASS]e[0m The application is able to connect to the database
 e[32m[PASS]e[0m 26 tables found
 e[32m[PASS]e[0m Some default content is present
 e[32m[PASS]e[0m The database schema up to date.

 GPG Configuration

 e[32m[PASS]e[0m PHP GPG Module is installed and loaded.
 e[32m[PASS]e[0m The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 e[32m[PASS]e[0m The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 e[32m[PASS]e[0m The server OpenPGP key is not the default one
 e[32m[PASS]e[0m The public key file is defined in config/passbolt.php and readable.
 e[32m[PASS]e[0m The private key file is defined in config/passbolt.php and readable.
 e[32m[PASS]e[0m The server key fingerprint matches the one defined in config/passbolt.php.
 e[32m[PASS]e[0m The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 e[32m[PASS]e[0m There is a valid email id defined for the server key.
 e[32m[PASS]e[0m The public key can be used to encrypt a message.
 e[32m[PASS]e[0m The private key can be used to sign a message.
 e[32m[PASS]e[0m The public and private keys can be used to encrypt and sign a message.
 e[32m[PASS]e[0m The private key can be used to decrypt a message.
 e[32m[PASS]e[0m The private key can be used to decrypt and verify a message.
 e[32m[PASS]e[0m The public key can be used to verify a signature.
 e[32m[PASS]e[0m The server public key format is Gopengpg compatible.
 e[32m[PASS]e[0m The server private key format is Gopengpg compatible.

 Application configuration

 e[31m[FAIL] This installation is not up to date. Currently using 3.8.0 and it should be v3.8.1.e[0m
 e[36m[HELP]e[0m See. https://www.passbolt.com/help/tech/update
 e[31m[FAIL] Passbolt is not configured to force SSL use.e[0m
 e[36m[HELP]e[0m Set passbolt.ssl.force to true in config/passbolt.php.
 e[31m[FAIL] App.fullBaseUrl is not set to HTTPS.e[0m
 e[36m[HELP]e[0m Check App.fullBaseUrl url scheme in config/passbolt.php.
 e[32m[PASS]e[0m Selenium API endpoints are disabled.
 e[32m[PASS]e[0m Search engine robots are told not to index content.
 e[32m[PASS]e[0m Registration is closed, only administrators can add users.
 e[32m[PASS]e[0m Serving the compiled version of the javascript app
 e[32m[PASS]e[0m All email notifications will be sent.

 JWT Authentication

 e[32m[PASS]e[0m The JWT Authentication plugin is enabled
 e[32m[PASS]e[0m The /etc/passbolt/jwt/ directory is not writable.
 e[32m[PASS]e[0m A valid JWT key pair was found

 SMTP Settings

 e[32m[PASS]e[0m The SMTP Settings plugin is enabled.
 e[32m[PASS]e[0m SMTP Settings coherent. You may send a test email to validate them.
 e[32m[PASS]e[0m The SMTP Settings source is: database.

 e[31m[FAIL] 7 error(s) found. Hang in there!e[0m

Permissions

e]0;root@svr-passbolt:/home/passbolta[root@svr-passbolt passbolt]# ls -alh /etc/passbolt/gpg
total 16K
drwxrwx---. 2 root  nginx   56 Nov 21 21:05 e[0me[01;34m.e[0m
drwxrwx---. 7 root  nginx 4.0K Nov 21 21:05 e[01;34m..e[0m
-r--r-----. 1 nginx nginx 2.5K Nov 21 21:05 serverkey.asc
-r--r-----. 1 nginx nginx 5.1K Nov 21 21:05 serverkey_private.asc
14

Hi @rtoriel,

Sometimes cronjob send me an email with a GPG error.
To confirm, it is not every time, just sometimes?

Can you check that:

  • The cronjob is setup to run with nginx user
  • That there is no SELinux policy preventing access of nginx to gnupg via cron

In the meantime if you want to restore email sending, you can delete the configuration entry in the organization_settings in the database, so that it falls back on file.

15

I also just got this error on Ubuntu 20.04. I’ve been running Passbolt for 6 months and it’s been working well. I did an apt upgrade today, upgrading passbolt-ce-server from version 3.8.0-2 to 3.8.1-1. It reported no errors.

90 minutes later as a passbolt cron job ran it produced the error message mentioned above

Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

I visited the link that @cedric mentions above to the Admin UI. Everything looked correct. I switched the IP 127.0.0.1 to 127.0.0.2 and then back to 127.0.0.1 (in order to enable the Send test email button). I sent a test email and it came through fine.

I’m unclear on what this error message means or what I should do to address it.

Edit : Indeed, I’m getting this same email from passbolt every 4 hours now (I imagine when that cron job runs)

16

Hi @gene ,

thanks for reporting your issue. In order to help us narrowing down the issue, could you tell if the emails are generally correctly sent? Not only by sending a test email, but e.g. when sharing a password, or anything that generally triggers an email according to your email settings?

Thanks!

17

Sorry for the late, I start from scratch again, an now show me this error on the setup process

Untitled
Untitled1605×583 11.8 KB

Really I do not understand, its possible that Rocky be not compatible with Passbolt ?

18

The cronetab are empty, and the SELinux are disabled

19

Some one knows any way to fix that ?
starting from scratch showme the error on my last image when wany setup the server via web browser
so can’t even finish the installation process

20

@rtoriel are you using https? Doing the setup process using a http address?