Checklist
[Y] I have read intro post: About the Installation Issues category
[Y] I have read the tutorials, help and searched for similar issues
[Y] I provide relevant information about my server (component names and versions, etc.)
[Y] I provide a copy of my logs and healthcheck
[Y] I describe the steps I have taken to trouble shoot the problem
[Unknown] I describe the steps on how to reproduce the issue
Passbolt Install location and information:
Passbolt-CE is currently running locally on WSL. Installation standard location /etc/passbolt/, /usr/share/php/passbolt and /var/lib/passbolt/ … it has been working for months without any issues
Everything has been running perfectly for a good couple of months until recently, couple of days ago I decided to edit a password, it then redirected me to a " Sorry, the server key has changed.", I accepted the change as it was the exact same key as the original. After I accepted, it simply redirects me to the login page and the same thing occurs after I login.
I then ran a health check and everything seems to be fine.
root@topsecret:/usr/share/php/passbolt# bin/cake passbolt healthcheck --gpg
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
[PASS] No error found. Nice one sparky!
Weird part is I have no idea what caused this nor do I know where to look for fixes, I have searched and tried the following with no success.
Funny and interesting part is that I am still able to login to the server (Passbolt) using just the firefox/chrome extension. I am just not able to get into the panel/dashboard.
Just had a look and the dates and times match up exactly.
Not going to lie, I haven’t tampered with anything and I have no idea where to start looking since the are no errors in the gpg health check
What i did notice is i do not get a valid response when running this command via root or www-data
root@redacted:/usr/share/php/passbolt# sudo gpg /etc/passbolt/gpg/serverkey_private.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: DBG: FIXME: merging secret key blocks is not anymore available
gpg: DBG: FIXME: No way to print secret key packets here
The recovery process is the same process used for when you simply want to access from a new browser.
If you are locked out of passbolt because of this issue, it’s possible (look for recent threads) to generate a recovery link from the server command line and then look it up in the db.
The issue I’m currently having is, I realized my mail server is offline and probably not going to be able to send the recovery email.
Going to look into generating a recovery link via the command line, since it would be easier for me to simply get the link and paste it in the browser.
That comes close, haven’t been able to find any articles or posts (DuckDuckGo) and Passbolt forums directly linking to create recovery links via the command line interface.
Sorry I may have been unclear. When you go to the site without having access, you can ask it to send an email, and a link will be created. Even if your mail server is down, you can use the link above to get the recovery link from your db that would have been sent out.
After the login was successful I then tried to recover the account on my actual browser (Brave), turns out that it’s been a brave issue. I removed the PassBolt extension and reinstalled the extension. I then initiated another recovery which worked, I then tried to login and was presented with the same error “** Sorry, the server key has changed.**”
Not sure what’s the issue now, Brave Browser or PassBolt extension.
Thank you for all your assistance, it is greatly appreciated
Hi, I was able to sit with it again and I am seriously mind boggled, I tried to login randomly and it worked.
The Extension seems to have fixed itself, I’m not sure how though.
The conclusion I came to is caching on my server end. My browser is set to remove all cache, history etc on exit, so I don’t think the browser was caching anything.