Checklist
I have read intro post: https://community.passbolt.com/t/about-the-installation-issues-category/12
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Passbolt CE 5.8.0
Cakephp 5.2.9
Docker image: passbolt/passbolt:5.8.0-1-ce-non-root
What happened?
Since today(don’t know proper day it really started) I cannot login into Passbolt. After I insert passphrase, I get instantly redirected back to login - /auth/login?redirect=%2F&locale=en-UK .. Sometimes it was showing that there is internal server error message after login, but after some time it started redirections back to login page.
Also I’m unable to see any logs in the container .. nothing is in /var/log/passbolt/error.log, tried different places too - no log anywhere. Log of container has no errors .
What I tried?
I had old version - 4.3 so i upgraded to 4.18, then 5.0 and then 5.8 .. Inside healthcheck there was problem with GPG key, so I created new one(i have backup of the old one, tried new and old, nothing helped) and added additional environment variables - PASSBOLT_KEY_EMAIL, PASSBOLT_GPG_SERVER_KEY_FINGERPRINT .. After errors in healthcheck are out, the problem still persists.
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
If you want to have more information about the different checks, please take a look at the documentation: https://www.passbolt.com/docs/admin/server-maintenance/passbolt-api-status/.
-------------------------------------------------------------------------------
Environment
[INFO] Linux passbolt-deployment-855974f5b8-rbqjt 6.1.0-11-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-4 (2023-08-08) x86_64 GNU/Linux
[PASS] PHP version 8.4.16.
[PASS] PHP version is 8.2 or above.
[PASS] 64-bit architecture system detected.
[INFO] gpg (GnuPG) 2.4.7 / libgcrypt 1.11.0
[PASS] PCRE compiled with unicode support.
[PASS] Mbstring extension is installed.
[PASS] Intl extension is installed.
[PASS] GD or Imagick extension is installed.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory /var/log/passbolt/ and its content are writable.
[INFO] System clock and NTP service information cannot be found.
[HELP] See `timedatectl | grep -i -A 1 clock`. More information: https://www.passbolt.com/docs/hosting/configure/ntp/
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /etc/passbolt/
[HELP] Copy /etc/passbolt/passbolt.default.php to /etc/passbolt/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[PASS] Cache is working.
[FAIL] Debug mode is on.
[HELP] Set debug to false in /etc/passbolt/passbolt.php
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pass.nwt.cz
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates.
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate.
SMTP settings
[PASS] The SMTP Settings plugin is enabled.
[FAIL] SMTP Setting errors: The OpenPGP server key cannot be used to decrypt the SMTP settings stored in database. To fix this problem, you need to configure the SMTP server again. Decryption failed. decrypt failed
[PASS] The SMTP Settings source is: database.
[WARN] The SMTP Settings plugin endpoints are enabled.
[HELP] It is recommended to disable the plugin endpoints.
[HELP] Set the PASSBOLT_SECURITY_SMTP_SETTINGS_ENDPOINTS_DISABLED environment variable to true.
[HELP] Or set passbolt.security.smtpSettings.endpointsDisabled to true in /etc/passbolt/passbolt.php.
[PASS] No custom SSL configuration for SMTP server.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled.
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one.
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[PASS] Using latest passbolt version (5.8.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[INFO] The Self Registration plugin is enabled.
[INFO] Registration is closed, only administrators can add users.
[PASS] The deprecated self registration public setting was not found in /etc/passbolt/passbolt.php.
[WARN] Host availability checking is disabled.
[HELP] Make sure this instance is not publicly available on the internet.
[HELP] Or set the PASSBOLT_EMAIL_VALIDATE_MX environment variable to true.
[HELP] Or set passbolt.email.validate.mx to true in /etc/passbolt/passbolt.php.
[PASS] Serving the compiled version of the javascript app.
[WARN] Some email notifications are disabled by the administrator.
[PASS] The database schema is up to date.
Database
[PASS] The application is able to connect to the database
[PASS] 35 tables found.
[PASS] Some default content is present.
Metadata
[PASS] The server is able to decrypt the metadata private key.
[PASS] Active metadata key found or not required.
[PASS] The server has access to the metadata keys or does not require access to it.
[PASS] The server metadata private key is valid.
[FAIL] 2 error(s) found. Hang in there!
Yes I know there is now SMTP error and DEBUG, but it does not make difference as with the old GPG key and debug off there are no errors and the problem persists. The problem is I cannot see more detail of what is causing the issue as there are no error logs anywhere. When running status check, then there is this:
tail: cannot open ‘/var/log/passbolt/error.log’ for reading: No such file or directory
Any idea, what I might be doing wrong? Thanks for any help.