Rocky Linux Setup - The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again

Hi @rtoriel,

Sometimes cronjob send me an email with a GPG error.
To confirm, it is not every time, just sometimes?

Can you check that:

  • The cronjob is setup to run with nginx user
  • That there is no SELinux policy preventing access of nginx to gnupg via cron

In the meantime if you want to restore email sending, you can delete the configuration entry in the organization_settings in the database, so that it falls back on file.

I also just got this error on Ubuntu 20.04. I’ve been running Passbolt for 6 months and it’s been working well. I did an apt upgrade today, upgrading passbolt-ce-server from version 3.8.0-2 to 3.8.1-1. It reported no errors.

90 minutes later as a passbolt cron job ran it produced the error message mentioned above

Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

I visited the link that @cedric mentions above to the Admin UI. Everything looked correct. I switched the IP 127.0.0.1 to 127.0.0.2 and then back to 127.0.0.1 (in order to enable the Send test email button). I sent a test email and it came through fine.

I’m unclear on what this error message means or what I should do to address it.

Edit : Indeed, I’m getting this same email from passbolt every 4 hours now (I imagine when that cron job runs)

Hi @gene ,

thanks for reporting your issue. In order to help us narrowing down the issue, could you tell if the emails are generally correctly sent? Not only by sending a test email, but e.g. when sharing a password, or anything that generally triggers an email according to your email settings?

Thanks!

Sorry for the late, I start from scratch again, an now show me this error on the setup process

Really I do not understand, its possible that Rocky be not compatible with Passbolt ?

The cronetab are empty, and the SELinux are disabled

Some one knows any way to fix that ?
starting from scratch showme the error on my last image when wany setup the server via web browser
so can’t even finish the installation process

@rtoriel are you using https? Doing the setup process using a http address?

Hi Im using http (no ssl) during the setup process.

into the CLI setup process when the wizard ask for use or not SSL to create the cert, I use NO, why ? because I have not published my Passbolt server to can Letsencrypt validate the URL, or the /root folder to create the certificate.

So I continue using NO ssl.

Now change from Rocky linux dist, to Ubuntu distribution and the setup process goes fine and I not have the issue of the key to decrypt.

May be is an issue with the wizar for Rocky Linux or Redhat linux related ( CentOS ).

No hay have other issue, after change the server name into the ngnix conf file, and add two FQDNs the ngnix show me 502 bad gateway. :frowning:

Same problem here, but not while installation process… Everything was working fine until the last debian package upgrade (Debian 10.5).
Cron is working fine, the health check is fine also. When I try to reconfigure mail server in the interface, it’s correctly saved.
But, got still this error every hours : Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

Hello,
I just installed a fresh RockyLinux 8 server and successfully installed Passbolt CE, so RockyLinux 8 is compatible with Passbolt.

As your issue seems to be related to having not enough entropy to create the keys, during the installation of the package, it is recommanded to install Haveged to speed up the entropy generation.

  • Have you installed Haveged?

  • Can you check if the time of your servers is in sync with your client (browser) ?

  • Can you check the keyring rights
    ls -ail /var/lib/passbolt/.gnupg

  • Can you check if some keys are inside the keyring?
    sudo -H -u www-data bash -c "gpg --homedir /var/lib/passbolt/.gnupg --list-keys"

Thanks in advance.

@JulianH it’s happening specifically every hours, like on the clock? We’re not able to reproduce this issue here at the moment, if you have time to spare with us please contact us on support@passbolt.com this way we can have a look also and see what may be causing this.

https://community.passbolt.com/t/issue-with-gnupg-decryption-in-cron-job-emails-not-sent/6130/2

I don’t know if it can be related, but there is no TTY in a cron job environment.

I don’t think it’s related because passbolt access gnupg via libgpgme not the command line.

Hi, well, I installed from scratch into an ubuntu server and now is working, created one .conf file for ngnix for each FQDN that I want to publish internaly the server (like IP address, and other for 2 different FQDNs), and fixed the 502 error from ngnix

I can’t give you now the the information that you are asking me about the right on the keyring, because the vm that Im using for passbolt is not any more with passbol on Rocky Linux !!..

Thank’s all for caring in trying to solve the problem.

Regards !!

Solved for me since last upgrade. Well done guys !

2 Likes

Thanks for the feedback @JulianH, for the record, you had the exact same issue? RockyLinux?

@max it was not through Rocky Linux. My setup is a Passbolt instance which is running since at least 2 years on Debian 10.
And It was not on an installation, it was really on a running instance. That’s why I am sure this bug comes with the last (not the one of this week) upgrade. Problems started exactly here :

2022-11-28 09:53:48 upgrade passbolt-ce-server:all 3.7.3-1 3.8.1-1
2022-11-28 09:53:48 status half-configured passbolt-ce-server:all 3.7.3-1
2022-11-28 09:53:48 status unpacked passbolt-ce-server:all 3.7.3-1
2022-11-28 09:53:48 status half-installed passbolt-ce-server:all 3.7.3-1
2022-11-28 09:54:01 status unpacked passbolt-ce-server:all 3.8.1-1
2022-11-28 09:56:37 configure passbolt-ce-server:all 3.8.1-1 <none>
2022-11-28 09:56:37 status unpacked passbolt-ce-server:all 3.8.1-1
2022-11-28 09:56:42 status half-configured passbolt-ce-server:all 3.8.1-1
2022-11-28 09:56:43 status installed passbolt-ce-server:all 3.8.1-1

==>

Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

@pabloelcolombiano , I ended up upgrading from version 3.8.1-1 to version 3.8.3-1 on December 2nd and it resolved the issue. The email alerts from cron stopped.

1 Like