SMTP server error after rotating server key

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

I successfully installed passbolt, and when I tried to sign back into the admin account, the server key could not be verified, so I did a server key rotation following this guide here.
After that I was able to log in to my admin account, but when I ran ./bin/cake passbolt healthcheck for NGINX, I found this error:

The other two errors are ssl and https is not put in the passbolt.php.

What are the steps to configure the SMTP server again? Is it inside passbolt.php, and if so, what line should I put? Thanks in advance.

Hey,

When you save the SMTP credentials inside the UI, they are stored encrypted with the server key.
If you later rotate your server keys, you won’t be able to decrypt them, so you need to go to the interface and enter them again.

Let us know

Does it mean that I need to install it in the UI in the web browser again? I’m using Oracle Linux 8.5 via VirtualBox, with nginx and MariaDB as the database.

No no, that means that you need to go to /app/administration/smtp-settings
and enter the SMTP credentials again; they will be encrypted again in the database with the new public server key.
Then, once done, you can check that all is green in your healthcheck.

Alright. I have one more question. When I was installing passbolt, I created a GnuPG key without a passphrase according to the guide that passbolt provides, but when I finished installing it prompted “Welcome to passbolt, please select a passphrase”. So is it fine to create this passphrase, or do I need to enter an existing private key instead?

So the GPG key without the passphrase is the server GPG key. The one it is now creating is your account one, used to encrypt your passwords, so when you create that one it will have a passphrase with it. This will act as your master passphrase to log in.

So it is fine. Ok thanks!

Hi, so I tried the solution of configuring it in the web UI, and it works when I test it, but when I try to save the settings it pops up “An internal error has occured”. But when I check the passbolt.php, I have already given permission to Nginx as the owner. Btw, I’m using Oracle Linux 8.5. So, what is the cause of this error? Below is the error log from the inspect elements (Network) from Mozilla Firefox. Thanks in advance.

This could be SELinux related. Try the following and see if that clears it up:

 sudo setsebool -P httpd_use_gpg=on
 sudo setsebool -P gpg_web_anon_write=on
 sudo semanage permissive -a gpg_web_t
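
Added example, not part of the thread or of Passbolt's documentation: one way to check whether SELinux is really what blocks the save is to count AVC denials per source domain in the audit records. The audit lines below are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count SELinux AVC denials per source domain from audit records.
# On a real host, feed it with:  sudo ausearch -m avc -ts recent | summarise_avc

# Constructed sample records (illustrative values, not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1650000000.101:501): avc:  denied  { write } for  pid=2101 comm="gpg" name="pubring.kbx" dev="dm-0" ino=1234 scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1650000000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="gpg"
type=AVC msg=audit(1650000001.202:502): avc:  denied  { add_name } for  pid=2101 comm="gpg" name="trustdb.gpg" scontext=system_u:system_r:gpg_web_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1650000002.303:503): avc:  denied  { execute } for  pid=2050 comm="php-fpm" name="gpg" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:gpg_exec_t:s0 tclass=file permissive=0
EOF
}

# Read audit records on stdin; print "count domain tclass" for each denied AVC.
summarise_avc() {
  awk '
    /avc:/ && /denied/ {
      dom = ""; cls = ""
      for (i = 1; i <= NF; i++) {
        # scontext=user:role:type:level -> the type (domain) is the third part
        if ($i ~ /^scontext=/) { split($i, c, ":"); dom = c[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      if (dom != "") n[dom " " cls]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k2
}

# Total number of denials whose source domain is $1 (0 if none).
count_denials() {
  summarise_avc | awk -v d="$1" '$2 == d { t += $1 } END { print t + 0 }'
}

# Demo on the constructed sample.
sample_audit_log | summarise_avc
```

If no gpg_web_t or httpd_t denials show up around the time of the failed save, the cause lies elsewhere. A domain made permissive with `semanage permissive -a` is no longer enforced, but its denials are still logged.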

Are the commands the same if I use nginx?

Yes, it should be the same if you are using nginx.

What does it mean by "do not set a passphrase when generating the server key"? From the UI it just prompts me to fill in the server name, server email and a comment. I do not see any passphrase that can be set during the installation except the last one as the master key.

That is in reference to this step

Specifically if you choose the Import option at the top

Thank you for responding. Yes, I know it refers to the page. I’m just trying to make sure that I do not do anything that can compromise the php-gnupg, because previously, after I installed passbolt, when I wanted to sign back in, it prompted that the server key is not verified. So I was forced to rotate the keys, and then the same thing happened again even though there is no error in the health check and status-report. So is it better for me to fill in the UI or create a new key and import it as below?: