The private key file is not defined in config/passbolt.php or not readable

Environment

[PASS] PHP version 7.3.33-4+0~20220627.98+debian9~1.gbp40b3e4.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://creds.dev.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /home/master/.gnupg.
[PASS] The directory /home/master/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[FAIL] The private key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
[HELP] Ensure there is a private key armored block in the key file.
[HELP] Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.
[HELP] See. Passbolt Help | Installation
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/master/.gnupg" master_qkkygwshtj | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation
[FAIL] The server public key defined in the config/passbolt.php is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /home/master/.gnupg --import /mnt/data/home/master/applications/thtggjbrym/public_html/confi/gpg/serverkey_private.asc" master_qkkygwshtj
[FAIL] The server key does not have a valid email id.
[HELP] Edit or generate another key with a valid email id.

Application configuration

[FAIL] This installation is not up to date. Currently using 2.4.0 and it should be v3.6.0.
[HELP] See. Passbolt Help | Update
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

5 error(s) found. Hang in there!

This is my health check

Can you help me solve this issue, please? These are the permissions I have set for the file serverkey_private.asc

I have checked that there are no \n added to the top of that file as well

Hi @yash, for the file itself as long as it’s owned by the webserver user it should be owner:group readable with 660.

Hi, I have changed it to 660, but I am still getting the same error on the health check

[FAIL] The private key file is not defined in config/passbolt.php or not readable.
[HELP] Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
[HELP] Ensure there is a private key armored block in the key file.
[HELP] Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.
[HELP] See. Passbolt Help | Installation
[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/master/.gnupg" master_qkkygwshtj | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. Passbolt Help | Installation

@yash Well… you only asked one question so you were provided one answer. :wink:

The healthcheck is incredibly informative and is a checklist for you to follow. All of the [HELP] sections are for your further efforts to fix:

[FAIL] The private key file is not defined in config/passbolt.php or not readable.

  1. Ensure the private key file is defined by the variable passbolt.gpg.serverKey.private in config/passbolt.php.
  2. Ensure there is a private key armored block in the key file.
  3. Ensure the private key defined in config/passbolt.php exists and is accessible by the webserver user.

[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.

  1. Double check the key fingerprint, example: sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /home/master/.gnupg" master_qkkygwshtj | grep -i -B 2 'SERVER_KEY_EMAIL' SERVER_KEY_EMAIL: The email you used when you generated the server key.

Like so. :+1:
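The file checks and the fingerprint comparison from the checklist above can be scripted. This is an added example, not part of the original post and not passbolt code; the function names and the script name are hypothetical, and it assumes it is run as the webserver user with GNUPGHOME set as in the health check.

```shell
#!/bin/sh
# Added example (not passbolt code). Run as the webserver user so that the
# readability test reflects what PHP sees.

# check_key_file PATH: print a one-word verdict, return 0 only for "ok".
check_key_file() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }
    [ -r "$f" ] || { echo unreadable; return 1; }
    # Strict: line 1 must be exactly the armor header, so a leading blank
    # line or a public key saved under the private key's name is reported.
    case $(head -n 1 "$f") in
        '-----BEGIN PGP PRIVATE KEY BLOCK-----') ;;
        '-----BEGIN PGP PUBLIC KEY BLOCK-----') echo public-key; return 1 ;;
        *) echo bad-header; return 1 ;;
    esac
    grep -q '^-----END PGP PRIVATE KEY BLOCK-----$' "$f" ||
        { echo truncated; return 1; }
    echo ok
}

# fpr_from_colons: read `gpg --with-colons` output on stdin and print the
# fingerprint (field 10) of the first "fpr" record.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# norm_fpr STRING: drop spaces and upper-case, so the grouped form gpg prints
# compares equal to the unbroken 40-hex-digit form.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# fpr_matches CONFIGURED ACTUAL: return 0 if both are the same fingerprint.
fpr_matches() {
    a=$(norm_fpr "$1"); b=$(norm_fpr "$2")
    case $a in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Usage: sh check_serverkey.sh KEYFILE CONFIGURED_FPR SERVER_KEY_EMAIL
if [ $# -eq 3 ]; then
    check_key_file "$1" || exit 1
    actual=$(gpg --list-keys --with-colons --fingerprint "$3" | fpr_from_colons)
    fpr_matches "$2" "$actual" && echo "fingerprint ok" || echo "fingerprint mismatch"
fi
```

A verdict of `ok` only says the file looks like an armored private key and is readable by the current user; whether the key has expired still has to be read from the gpg key listing.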

I have run this command but nothing appears. Are there any code changes that need to be done in the PHP file? I have checked that the files exist in the confi/gpg/ folder @garrett

@yash I’m assuming you mean the very last command listed.

Just to confirm, is your webserver user named master_qkkygwshtj? Which webserver is being used? What OS are you running?

Debian GNU/Linux 9.13 (stretch)
Yes, the username is master_qkkygwshtj
The master user doesn’t have sudo rights
@garrett

@yash There is a Debian package for Debian 11. But if you don’t have sudo rights that’s not going to work. You might want to consider running the Docker version if that’s possible.

Passbolt Help | Install Passbolt CE on Debian 11 (Bullseye) for Debian minimum requirements

Passbolt Help | Docker passbolt installation for Docker version which has a rootless mode

But passbolt used to work properly and no changes have been made to it. Is there something that needs to be edited on the serverkey?

@yash Actually, the extension has been updated numerous times but your backend is way outdated and needs an upgrade.

Upgrading is what is needed, just like @remy said here: This key does not match any account - #20 by remy

OK, so if the backend is updated, will it work, and what should be updated in the backend? Can you let me know the code if possible? I’ll ask the server team if that works.

The instructions for upgrading are found on the same site linked above. I would recommend you provide those links to the server team and seek upgrade and migration.

can we download the old version of the extension?

Yes. Everything is open source on Github. Passbolt · GitHub

Instructions for building are also found in Github. For those who are familiar with such things it’s all there. We don’t promote old versions in the forum, because of security issues and general functionality the newest versions offer.

This doesn’t seem to be an extension issue, as I have installed the 3.4 version of the extension and am still getting the error @garrett @remy

What permission do we have to set for the serverkey file?

I moved your post on the other thread to here to consolidate.

Hi, I am getting the same error, but I have checked that the serverkey file doesn’t have any newline added anywhere. Do I need to make some code change? I have also tried installing the old version of the extension, 3.4, but am still getting the same error. I haven’t made any changes in the code and it automatically stopped working. Can anyone please help me with this?

This is the error log of the extension on Chrome @remy

This means your server is crashing. Can you provide your server logs, typically under /var/www/passbolt_api/logs/error.log or /var/log/passbolt/error.log.

Most likely it’s related to an issue with your server key. Most likely that key is expired. Try rotating the server key: Passbolt Help | How to rotate server GPG keys