I am logged into my PassBolt Server trying to add a SSL cert. When trying to execute -
sudo dpkg-reconfigure passbolt-pro-server
I receive dkpg-query: package ‘passbolt-pro-server’ is not installed and no information is available. I’m unsure how this could be possible as I have prev installed passbolt and am currently using passbolt.
Thank you for your quick responses @AnatomicJC what I’m wondering is for the nginx config example, if my url for PB is currently a ip would that be used where the place holder is server name? Also I don’t currently have a ssl cert that’s what I was trying to accomplish through the auto config option as I was under the impression it would add it for me through lets encrypt. I understand that I can’t do this option now due to PB being installed via source and not package. I just need some assistance on how to get a ssl cert added to my PB install. Thank you again for your assisance!
You can’t get a SSL certificate from Let’s Encrypt with an IP address. If your server is not reachable from the internet to get Let’s Encrypt certificates, if you don’t have any domain name, and if you just have an IP address, you can generate a self signed SSL certificate valid for an IP with this command (replace the X.X.X.X with your IP address):
This command will generate a cert.pem and key,pem you will be able to use in the nginx configuration file example.
Warning: If you are changing your domain from HTTP to HTTPS , you will unlink the browser extension of all the users. Before changing the domain, you must ensure that all the users have a copy of their private key to recover their account .
Let me know what do you want to do, and don’t hesitate to ask if some parts are unclear.
Hello @AnatomicJC just to confirm, if the users do not have a copy of their private key is there anything I can do to ensure they will still have access to their account? Also, if I would like to change from an ip to domain would that be possible once I have the ssl cert?
Unfortunately no. You must ensure users have a backup of their private key to be sure they will be able to recover their account.
It is easy for them to download it if they don’t have a backup. They can go to http://your.passbolt.url/app/settings/keys then download it:
I just would like to make sure I have the steps down. I first need to generate a self signed SSL cert because I have an IP address. Which process then would I need to change from and IP address to a domain name?
@twest To reconfigure settings so a domain is used instead of an ip address, you will need to change the fullBaseUrl value in your config/passbolt.php file. You may also need to add the domain to your /etc/hosts file so the server is able to resolve the domain.
As written in the pro-tip: You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in subjectAltName.
It is important to set your passbolt FQDN in both CN and subjectAltName. In this way, you will be able to import the generated certificate in your operating system keychain and make your self-signed domain trusted in your browser.
@twest If you are a Passbolt Pro user you can get help via support@passbolt.com and link to this thread in the email you send. I mention this because in your first post you mention the pro package. You can ask about phone support as well.