Sorry, the server key has changed. [Not New Install]

Checklist
[Y] I have read intro post: About the Installation Issues category
[Y] I have read the tutorials, help and searched for similar issues
[Y] I provide relevant information about my server (component names and versions, etc.)
[Y] I provide a copy of my logs and healthcheck
[Y] I describe the steps I have taken to trouble shoot the problem
[Unknown] I describe the steps on how to reproduce the issue

Passbolt Install location and information:

Passbolt-CE is currently running locally on WSL. Installation standard location /etc/passbolt/, /usr/share/php/passbolt and /var/lib/passbolt/ … it has been working for months without any issues

Everything has been running perfectly for a good couple of months until recently, couple of days ago I decided to edit a password, it then redirected me to a " Sorry, the server key has changed.", I accepted the change as it was the exact same key as the original. After I accepted, it simply redirects me to the login page and the same thing occurs after I login.

I then ran a health check and everything seems to be fine.

root@topsecret:/usr/share/php/passbolt# bin/cake passbolt healthcheck --gpg

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
 Healthcheck shell
-------------------------------------------------------------------------------

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
 [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [PASS] The public key can be used to encrypt a message.
 [PASS] The private key can be used to sign a message.
 [PASS] The public and private keys can be used to encrypt and sign a message.
 [PASS] The private key can be used to decrypt a message.
 [PASS] The private key can be used to decrypt and verify a message.
 [PASS] The public key can be used to verify a signature.
 [PASS] The server public key format is Gopengpg compatible.
 [PASS] The server private key format is Gopengpg compatible.

 [PASS] No error found. Nice one sparky!

Weird part is I have no idea what caused this nor do I know where to look for fixes, I have searched and tried the following with no success.

Funny and interesting part is that I am still able to login to the server (Passbolt) using just the firefox/chrome extension. I am just not able to get into the panel/dashboard.

Server time comes to mind, that should be checked.

Just had a look and the dates and times match up exactly.

Not going to lie, I haven’t tampered with anything and I have no idea where to start looking since the are no errors in the gpg health check

What i did notice is i do not get a valid response when running this command via root or www-data

root@redacted:/usr/share/php/passbolt# sudo gpg /etc/passbolt/gpg/serverkey_private.asc
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: DBG: FIXME: merging secret key blocks is not anymore available
gpg: DBG: FIXME: No way to print secret key packets here

You could try a recovery on a second browser and see if that works.

Going to give this a try now, I also updated my previous reply with something that might be an issue ?

Is there a way to create a backup of the user data, passwords etc before I start tampering with the passbolt system ?

Yes here Passbolt Help | Backup

The recovery process is the same process used for when you simply want to access from a new browser.

If you are locked out of passbolt because of this issue, it’s possible (look for recent threads) to generate a recovery link from the server command line and then look it up in the db.

Awesome, Definitely going to need the backup.

The issue I’m currently having is, I realized my mail server is offline and probably not going to be able to send the recovery email.

Going to look into generating a recovery link via the command line, since it would be easier for me to simply get the link and paste it in the browser.

Will update this post if I am not successful.

I have found the following:

That comes close, haven’t been able to find any articles or posts (DuckDuckGo) and Passbolt forums directly linking to create recovery links via the command line interface.

This might help Passbolt self hosted does not send password recovery email only from administrator

Sorry I may have been unclear. When you go to the site without having access, you can ask it to send an email, and a link will be created. Even if your mail server is down, you can use the link above to get the recovery link from your db that would have been sent out.

Not a problem,

The above link Passbolt self hosted does not send password recovery email only from administrator was definitely useful as I was able to recover my account using Google Chrome :(. The issue is that the chrome I tested the recovery on was brand new (clean install) and when attempted on my browser (Brave) it fails.

After the login was successful I then tried to recover the account on my actual browser (Brave), turns out that it’s been a brave issue. I removed the PassBolt extension and reinstalled the extension. I then initiated another recovery which worked, I then tried to login and was presented with the same error “** Sorry, the server key has changed.**”

Not sure what’s the issue now, Brave Browser or PassBolt extension.

Thank you for all your assistance, it is greatly appreciated :slight_smile:

1 Like

Is it your sense that the latest Brave update might have caused this? Maybe trying an earlier version would help confirm that at least for your setup.

1 Like

Hi, I was able to sit with it again and I am seriously mind boggled, I tried to login randomly and it worked.
The Extension seems to have fixed itself, I’m not sure how though.

The conclusion I came to is caching on my server end. My browser is set to remove all cache, history etc on exit, so I don’t think the browser was caching anything.

I’m not even sure how to replicate this lol.

.