Unable to login following initial install

[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue

Hi all,

Really sorry if this question has been asked a million times. I have searched the forums and I cannot seem to find the exact issue I am seeing.

My server is all setup and ready to go but using Apache not nginx on RockyLinux.
I have registered myself as a user by issuing the command ‘/bin/bash -c “./bin/cake passbolt register_user -u me.myself@mycompany.co.uk -f Me -l Myself -r admin” apache’

I then follow the registration URL that is generated. But I get this message:


If I select “Try with another email” and put the same email address in again, await my recovery email to arrive and follow the link I am asked for a private key? Where do I get this from?

If I click on “Help, I lost my private key” I get taken to the page to request a new account. If I create a new account the same thing happens again so I go round in circles.

I do have some errors in my health check but I don’t think they are related. I’m running the server internally on a local Intranet server therefore we have to use self signed certificates.

[root@g000081 passbolt]# cat /proc/sys/kernel/random/entropy_avail
[root@g000081 passbolt]# /bin/bash -c "./bin/cake passbolt healthcheck" www-data

     ____                  __          ____  
    / __ \____  _____ ____/ /_  ____  / / /_ 
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
 /_/    \__,_/____/____/_.___/\____/_/\__/   

 Open source password manager for teams
 Healthcheck shell        


 [PASS] PHP version 7.4.27.
 [PASS] PCRE compiled with unicode support.
 [PASS] The temporary directory and its content are writable and not executable.
 [PASS] The logs directory and its content are writable.
 [PASS] GD or Imagick extension is installed.
 [PASS] Intl extension is installed.
 [PASS] Mbstring extension is installed.

 Config files

 [PASS] The application config file is present
 [PASS] The passbolt config file is present

 Core config

 [PASS] Debug mode is off.
 [PASS] Cache is working.
 [PASS] Unique value set for security.salt
 [PASS] Full base url is set to https://passbolt.mycomany.local
 [PASS] App.fullBaseUrl validation OK.
 [PASS] /healthcheck/status is reachable.

 SSL Certificate

 [FAIL] SSL peer certificate does not validate
 [FAIL] Hostname does not match when validating certificates.
 [WARN] Using a self-signed certificate
 [HELP] cURL Error (60) SSL certificate problem: self signed certificate in certificate chain


 [PASS] The application is able to connect to the database
 [PASS] 26 tables found
 [PASS] Some default content is present
 [PASS] The database schema up to date.

 GPG Configuration

 [PASS] PHP GPG Module is installed and loaded.
 [PASS] The environment variable GNUPGHOME is set to /root/.gnupg.
 [PASS] The directory /root/.gnupg containing the keyring is writable by the webserver user.
 [PASS] The server OpenPGP key is not the default one
 [PASS] The public key file is defined in config/passbolt.php and readable.
 [PASS] The private key file is defined in config/passbolt.php and readable.
 [PASS] The server key fingerprint matches the one defined in config/passbolt.php.
 [PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
 [PASS] There is a valid email id defined for the server key.
 [FAIL] The public key cannot be used to encrypt a message
 [HELP] Make sure that the server private key is valid and that there is no passphrase.
 [HELP] Make sure you imported the private server key in the keyring of the webserver user.
 [HELP] you can try:
 [HELP] sudo su -s /bin/bash -c "gpg --home /root/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" root
 [PASS] The private key can be used to sign a message.
 [FAIL] The public and private keys cannot be used to encrypt and sign a message
 [FAIL] The private key cannot be used to decrypt a message
 [FAIL] The private key cannot be used to decrypt and verify a message
 [FAIL] The public key cannot be used to verify a signature.

 Application configuration

 [PASS] Using latest passbolt version (3.4.0).
 [PASS] Passbolt is configured to force SSL use.
 [PASS] App.fullBaseUrl is set to HTTPS.
 [PASS] Selenium API endpoints are disabled.
 [PASS] Search engine robots are told not to index content.
 [PASS] Registration is closed, only administrators can add users.
 [PASS] Serving the compiled version of the javascript app
 [PASS] All email notifications will be sent.

 JWT Authentication

 [WARN] The JWT Authentication plugin is disabled
 [HELP] Set the environment variable PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED to true

 [FAIL] 7 error(s) found. Hang in there!

Can anyone assist? I’m so close, I can feel it!


The certificate shouldn’t be an issue. However there is an issue with the gpg configuration. It seems the keyring is set to /root/.gnupg and that the permissions on it are not correct. Which method did you use to install this instance?

If you use the default debian or ubuntu packages you shouldn’t have these kind of trouble, and the package will configure the gnupg keyring location and permissions correctly.

Hi @remy

Thank you for taking the time to reply to me. Much appreciated!

I didn’t use the repository to install as our company use apace and therefore I needed to customise the install. I used this guide How to Install Passbolt Self-Hosted Password Manager on CentOS 8

The contents of /root/.gnupg is currently root:root. Should I change this or should I change the keyring?


It should be located where the nginx has access, and permissions typically should be nginx:nginx and not readable by other users.

drwx------ nginx nginx .
-rw-r--r--  nginx nginx pubring.kbx
-rw-------  nginx nginx trustdb.gpg

There is also some additional configuration to make authentication works with apache, it’s explained in another thread here: Cannot get passwords on the Android App - #9 by rkk

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*) 
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

Thanks for the info but i am still having issue to applying it can you suggest whare i am doing wrong.

@Roob Hi, please start a new thread with your installation information, healthcheck, and details regarding what you have already done, thanks.