Rocky Linux Setup - The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again

rtoriel · November 29, 2022, 4:41pm

Hi Im using http (no ssl) during the setup process.

into the CLI setup process when the wizard ask for use or not SSL to create the cert, I use NO, why ? because I have not published my Passbolt server to can Letsencrypt validate the URL, or the /root folder to create the certificate.

So I continue using NO ssl.

rtoriel · November 29, 2022, 4:44pm

Now change from Rocky linux dist, to Ubuntu distribution and the setup process goes fine and I not have the issue of the key to decrypt.

May be is an issue with the wizar for Rocky Linux or Redhat linux related ( CentOS ).

No hay have other issue, after change the server name into the ngnix conf file, and add two FQDNs the ngnix show me 502 bad gateway.

JulianH · November 30, 2022, 10:54am

Same problem here, but not while installation process… Everything was working fine until the last debian package upgrade (Debian 10.5).
Cron is working fine, the health check is fine also. When I try to reconfigure mail server in the interface, it’s correctly saved.
But, got still this error every hours : Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

antony · November 30, 2022, 11:00am

Hello,
I just installed a fresh RockyLinux 8 server and successfully installed Passbolt CE, so RockyLinux 8 is compatible with Passbolt.

As your issue seems to be related to having not enough entropy to create the keys, during the installation of the package, it is recommanded to install Haveged to speed up the entropy generation.

Have you installed Haveged?
Can you check if the time of your servers is in sync with your client (browser) ?
Can you check the keyring rights
ls -ail /var/lib/passbolt/.gnupg
Can you check if some keys are inside the keyring?
sudo -H -u www-data bash -c "gpg --homedir /var/lib/passbolt/.gnupg --list-keys"

Thanks in advance.

remy · November 30, 2022, 11:13am

@JulianH it’s happening specifically every hours, like on the clock? We’re not able to reproduce this issue here at the moment, if you have time to spare with us please contact us on support@passbolt.com this way we can have a look also and see what may be causing this.

remy · November 30, 2022, 1:10pm

https://community.passbolt.com/t/issue-with-gnupg-decryption-in-cron-job-emails-not-sent/6130/2

AnatomicJC · November 30, 2022, 1:38pm

I don’t know if it can be related, but there is no TTY in a cron job environment.

remy · November 30, 2022, 1:40pm

I don’t think it’s related because passbolt access gnupg via libgpgme not the command line.

rtoriel · November 30, 2022, 11:39pm

Hi, well, I installed from scratch into an ubuntu server and now is working, created one .conf file for ngnix for each FQDN that I want to publish internaly the server (like IP address, and other for 2 different FQDNs), and fixed the 502 error from ngnix

I can’t give you now the the information that you are asking me about the right on the keyring, because the vm that Im using for passbolt is not any more with passbol on Rocky Linux !!..

Thank’s all for caring in trying to solve the problem.

Regards !!

JulianH · December 2, 2022, 9:05am

Solved for me since last upgrade. Well done guys !

max · December 2, 2022, 9:09am

Thanks for the feedback @JulianH, for the record, you had the exact same issue? RockyLinux?

JulianH · December 2, 2022, 9:22am

@max it was not through Rocky Linux. My setup is a Passbolt instance which is running since at least 2 years on Debian 10.
And It was not on an installation, it was really on a running instance. That’s why I am sure this bug comes with the last (not the one of this week) upgrade. Problems started exactly here :

2022-11-28 09:53:48 upgrade passbolt-ce-server:all 3.7.3-1 3.8.1-1
2022-11-28 09:53:48 status half-configured passbolt-ce-server:all 3.7.3-1
2022-11-28 09:53:48 status unpacked passbolt-ce-server:all 3.7.3-1
2022-11-28 09:53:48 status half-installed passbolt-ce-server:all 3.7.3-1
2022-11-28 09:54:01 status unpacked passbolt-ce-server:all 3.8.1-1
2022-11-28 09:56:37 configure passbolt-ce-server:all 3.8.1-1 <none>
2022-11-28 09:56:37 status unpacked passbolt-ce-server:all 3.8.1-1
2022-11-28 09:56:42 status half-configured passbolt-ce-server:all 3.8.1-1
2022-11-28 09:56:43 status installed passbolt-ce-server:all 3.8.1-1

==>

Exception: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed.
In [/usr/share/php/passbolt/plugins/PassboltCe/SmtpSettings/src/Service/SmtpSettingsGetSettingsInDbService.php, line 114]

gene · December 6, 2022, 8:11pm

@pabloelcolombiano , I ended up upgrading from version 3.8.1-1 to version 3.8.3-1 on December 2nd and it resolved the issue. The email alerts from cron stopped.