Hello!
I need help with a problem with passbolt (v3.0.2) that I have been trying to solve for the last few days, but I haven’t gotten it fixed yet.
Our passbolt is hosted in:
- An EC2 machine
- OS is Ubuntu
- It has a 20GB volume attached
- Its hostname is defined in a Cloudfront
And it has stopped working suddenly. We thought it could be storage issues (since it happened before), but it’s only using 15GB. We don’t know exactly what happened, so I’m sharing other information about them.
Its healthcheck
Environment
[PASS] PHP version 7.3.27-9+ubuntu18.04.1+deb.sury.org+1.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pass.outsmartyourself.com.br
[PASS] App.fullBaseUrl validation OK.
[FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
[HELP] Check that the domain name is correct in config/passbolt.php
[HELP] Check the network settings
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] fopen(https://pass.outsmartyourself.com.br/healthcheck/status.json): failed to open stream: Connection refused
Database
[PASS] The application is able to connect to the database
[PASS] 25 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[FAIL] This installation is not up to date. Currently using 3.0.2 and it should be v3.12.2.
[HELP] See. https://www.passbolt.com/help/tech/update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
4 error(s) found. Hang in there!
Something I thought strange and I would like to share with you is that it does not show anything running on Port 443, which explains why passbolt does not receive any response from https://pass.outsmartyourself.com.br/
sudo lsof -i -P -n | grep LISTEN
systemd-r 684 systemd-resolve 13u IPv4 17756 0t0 TCP 127.0.0.53:53 (LISTEN)
php-fpm7. 849 root 7u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)
sshd 850 root 3u IPv4 20954 0t0 TCP *:22 (LISTEN)
sshd 850 root 4u IPv6 21070 0t0 TCP *:22 (LISTEN)
apache2 923 root 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
mysqld 988 mysql 19u IPv6 21970 0t0 TCP *:3306 (LISTEN)
php-fpm7. 989 www-data 9u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)
php-fpm7. 990 www-data 9u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)
apache2 23209 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
apache2 23210 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
apache2 23211 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
apache2 23213 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
apache2 23215 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
apache2 23375 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
apache2 29683 www-data 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
Hi @joaogolias Welcome to the forum!
I notice your version is outdated. Are you expecting to be running the Apache webserver or NGINX?
Did you originally install via package or source?
Hi @garrett! Thank you for your quick reply!
It was originally installed with NGINX as I saw in our install.log file.
===================
Setting up nginx...
===================
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pass.outsmartyourself.com.br
Using the webroot path /var/www/passbolt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/pass.outsmartyourself.com.br/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/pass.outsmartyourself.com.br/privkey.pem
Your cert will expire on 2019-05-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
We installed it in 2021 via package!
In this machine, there’s the passbolt_ce_ubuntu_installer.sh script
Hi,
I guess you could stop apache2 service:
systemctl stop apache2
And start nginx:
systemctl start nginx
Run the above commands as root user or with sudo.
If it solves your issue, and if you don’t have any other service running with apache, you can disable apache2 service:
systemctl disable apache2
Thus, apache2 won’t be started on next reboot.
You should consider migrating your passbolt to a more recent server; there are guides for this on the help site.
Best,
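The diagnosis made in this thread (apache2 bound to port 80, nothing listening on 443, nginx expected to serve HTTPS), as an added shell example that is not part of the original posts. The function names and verdict strings are made up for illustration, and the sample lines are constructed in the format of the lsof output shown above.

```shell
#!/bin/sh
# Added example: classify web-server listeners from `lsof -i -P -n | grep LISTEN`.
# Reads lsof lines on stdin and prints one verdict word (names are hypothetical):
#   nginx-ok         nginx listens on 443
#   other-https      something other than nginx listens on 443
#   apache-conflict  apache2 holds port 80 and nothing listens on 443
#   no-https         nothing listens on 443 and apache2 is not on 80
web_listener_verdict() {
  awk '
    $NF == "(LISTEN)" {
      n = split($(NF-1), a, ":")   # address field, e.g. *:80 or 127.0.0.1:9000
      port = a[n]; cmd = $1
      if (port == "80")  on80[cmd] = 1
      if (port == "443") { on443[cmd] = 1; any443 = 1 }
    }
    END {
      if ("nginx" in on443)        print "nginx-ok"
      else if (any443)             print "other-https"
      else if ("apache2" in on80)  print "apache-conflict"
      else                         print "no-https"
    }'
}

# Map a verdict to the action discussed in the thread.
explain_verdict() {
  case "$1" in
    nginx-ok)        echo "nginx is serving HTTPS on 443" ;;
    other-https)     echo "443 is open but not owned by nginx: check which server should run" ;;
    apache-conflict) echo "apache2 holds port 80 and 443 is closed: stop apache2, start nginx" ;;
    *)               echo "nothing listens on 443: check that nginx is running" ;;
  esac
}

# Constructed sample input, before and after the fix.
BEFORE='sshd 850 root 3u IPv4 20954 0t0 TCP *:22 (LISTEN)
apache2 923 root 4u IPv6 21492 0t0 TCP *:80 (LISTEN)
php-fpm7. 989 www-data 9u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)'
AFTER='sshd 850 root 3u IPv4 20954 0t0 TCP *:22 (LISTEN)
nginx 32734 root 8u IPv4 2459510 0t0 TCP *:80 (LISTEN)
nginx 32734 root 9u IPv4 2459511 0t0 TCP *:443 (LISTEN)'

for sample in "$BEFORE" "$AFTER"; do
  explain_verdict "$(printf '%s\n' "$sample" | web_listener_verdict)"
done
# On a live host: sudo lsof -i -P -n | grep LISTEN | web_listener_verdict
```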
@AnatomicJC
Thank you so much!! It worked!!
Now there is “something” running on port 443 and Health Check shows no error (but the update one)
sudo lsof -i -P -n | grep LISTEN
systemd-r 684 systemd-resolve 13u IPv4 17756 0t0 TCP 127.0.0.53:53 (LISTEN)
php-fpm7. 849 root 7u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)
sshd 850 root 3u IPv4 20954 0t0 TCP *:22 (LISTEN)
sshd 850 root 4u IPv6 21070 0t0 TCP *:22 (LISTEN)
mysqld 988 mysql 19u IPv6 21970 0t0 TCP *:3306 (LISTEN)
php-fpm7. 989 www-data 9u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)
php-fpm7. 990 www-data 9u IPv4 21747 0t0 TCP 127.0.0.1:9000 (LISTEN)
nginx 32734 root 8u IPv4 2459510 0t0 TCP *:80 (LISTEN)
nginx 32734 root 9u IPv4 2459511 0t0 TCP *:443 (LISTEN)
nginx 32734 root 10u IPv6 2459512 0t0 TCP *:80 (LISTEN)
nginx 32738 www-data 8u IPv4 2459510 0t0 TCP *:80 (LISTEN)
nginx 32738 www-data 9u IPv4 2459511 0t0 TCP *:443 (LISTEN)
nginx 32738 www-data 10u IPv6 2459512 0t0 TCP *:80 (LISTEN)
Environment
[PASS] PHP version 7.3.27-9+ubuntu18.04.1+deb.sury.org+1.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pass.outsmartyourself.com.br
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 25 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[FAIL] This installation is not up to date. Currently using 3.0.2 and it should be v3.12.2.
[HELP] See. https://www.passbolt.com/help/tech/update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
1 error(s) found. Hang in there!
About the update itself, I’m already studying the docs to do so.
Once again, thank you very much!
Best,