Checklist
[–] I have read intro post: About the Installation Issues category
[–] I have read the tutorials, help and searched for similar issues
[–] I provide relevant information about my server (component names and versions, etc.)
[–] I provide a copy of my logs and healthcheck
[–] I describe the steps I have taken to troubleshoot the problem
[–] I describe the steps on how to reproduce the issue
– Server operating system name and version ==> Debian 11.5
– Web server name and version ==> Nginx
– Database server name and version ==> Mysql
– Php version ==> v7.433
– Passbolt version ==> 3.9
Hi,
I’m trying to set up a new passbolt server.
Everything goes well until the email login.
I tried a lot of different solutions found here but none worked.
First, I’m using a SMTP server located on the same private IP of my passbolt server.
The server is running behind a pfSense; the web server is served by HAProxy.
My previous passbolt was working without mods, this setup needed tuning.
I had to add:
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    ]
]
to send emails.
So using the command
sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=admi@DOMAIN.tld"
I receive emails, but if I add a user or reconnect, I don’t receive it.
I tried this command:
/usr/share/php/passbolt/bin/cake EmailQueue.sender
I get these errors:
PHP Warning: Use of undefined constant context - assumed 'context' (this will throw an Error in a future version of PHP) in /etc/passbolt/app.php on line 246
Warning Error: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
In [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php, line 489]
2023-01-29 21:47:00 warning: Warning (2): stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Network/Socket.php, line 489]
SMTP server did not accept the connection or trying to connect to non TLS SMTP server using TLS.
Email 3 was not sent
I checked on my SMTP server, when sending a test mail, I see it passing.
When it’s supposed to be sent for registration or login, I see nothing and I get this error:
connect from passbolt-pass2.pf2.vl12[10.10.12.4]
mail postfix/submission/smtpd[25351]: SSL_accept error from passbolt-pass2.pf2.vl12[10.10.12.4]: -1
mail postfix/submission/smtpd[25351]: warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1543:SSL alert number 48:
mail postfix/submission/smtpd[25351]: lost connection after STARTTLS from passbolt-pass2.pf2.vl12[10.10.12.4]
mail postfix/submission/smtpd[25351]: disconnect from passbolt-pass2.pf2.vl12[10.10.12.4] ehlo=1 starttls=0/1 commands=1/2
####################################
Here is my health check (domain is anonymized):
~# su - www-data -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"
PHP Warning: Use of undefined constant context - assumed 'context' (this will throw an Error in a future version of PHP) in /etc/passbolt/app.php on line 246
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 7.4.33.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.DOMAIN.tld
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] Check https://help.passbolt.com/faq/hosting/troubleshoot-ssl
[HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate
Database
[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (3.9.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[PASS] All email notifications will be sent.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[FAIL] 2 error(s) found. Hang in there!
Already tried to:
~# sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake cache clear_all"
PHP Warning: Use of undefined constant context - assumed 'context' (this will throw an Error in a future version of PHP) in /etc/passbolt/app.php on line 246
Clearing default
Cleared default cache
Clearing _cake_core_
Cleared _cake_core_ cache
Clearing _cake_model_
Cleared _cake_model_ cache
And checked that my cron is running and the correct user is set up in the cron command.
Been trying for the last 3 days without success; this forum is my last hope.
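
Added example, not part of the original post: a short Python triage of the Postfix lines quoted above. It shows that TLS alert 48 (unknown_ca) was sent by the connecting client, which agrees with the "certificate verify failed" error on the Passbolt side: the queued-email path is still verifying the SMTP server certificate against a trust store that lacks the issuing CA. The function names and the subset of alert numbers are this example's own.

```python
import re

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

# Constructed sample: the Postfix lines from the post, with the syslog
# prefix added to the first line so every line carries the smtpd PID.
SAMPLE_LOG = """\
mail postfix/submission/smtpd[25351]: connect from passbolt-pass2.pf2.vl12[10.10.12.4]
mail postfix/submission/smtpd[25351]: SSL_accept error from passbolt-pass2.pf2.vl12[10.10.12.4]: -1
mail postfix/submission/smtpd[25351]: warning: TLS library problem: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1543:SSL alert number 48:
mail postfix/submission/smtpd[25351]: lost connection after STARTTLS from passbolt-pass2.pf2.vl12[10.10.12.4]
mail postfix/submission/smtpd[25351]: disconnect from passbolt-pass2.pf2.vl12[10.10.12.4] ehlo=1 starttls=0/1 commands=1/2
"""

LINE = re.compile(r"smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from \S+\[(?P<ip>[^\]]+)\]")
ALERT = re.compile(r"SSL routines:(?P<func>\w+):.*SSL alert number (?P<num>\d+)")
STARTTLS = re.compile(r"\bstarttls=(?P<ok>\d+)/(?P<total>\d+)")


def triage(log):
    """Group smtpd lines by PID and extract the TLS failure details per session."""
    sessions = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m["pid"], {"client": None, "alert": None,
                                           "alert_from": None, "starttls_failed": False})
        msg = m["msg"]
        if c := CONNECT.match(msg):          # match() skips "disconnect from"
            s["client"] = c["ip"]
        if a := ALERT.search(msg):
            s["alert"] = TLS_ALERTS.get(int(a["num"]), "alert_" + a["num"])
            # OpenSSL raises received alerts in ssl3_read_bytes, so that
            # function name means the peer (the SMTP client) sent the alert.
            s["alert_from"] = "client" if a["func"] == "ssl3_read_bytes" else "server"
        if t := STARTTLS.search(msg):        # Postfix logs succeeded/attempted
            s["starttls_failed"] = int(t["ok"]) < int(t["total"])
    return sessions


def client_rejected_ca(session):
    """True when the client aborted STARTTLS because it does not trust the issuing CA."""
    return (session["alert"] == "unknown_ca" and session["alert_from"] == "client"
            and session["starttls_failed"])
```

Adding the issuing CA to the trust store used by the PHP process keeps certificate verification enabled, unlike the `verify_peer => false` setting.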