Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Hi, I have successfully set up the Docker version of passbolt in a Rancher cluster.
I could create the admin user and set him up afterwards in the browser extension.
During the next step, I created new users, who received their email invitations.
They install the browser extension, then try to set up their account.
After choosing their password, the process fails on the "Generating the secret and public key" step. The debug info is the following:
{
  "error": {},
  "setup": {
    "stepId": "secret",
    "stepsHistory": "domain_check/define_key",
    "user": {
      "username": "user@domain.com",
      "firstname": "user",
      "lastname": "username",
      "id": "47ed3e82-3f1a-4e19-88ee-e0334148bac6"
    },
    "key": {
      "ownerName": "user username",
      "ownerEmail": "user@domain.com",
      "comment": "",
      "length": "2048",
      "algorithm": "RSA-DSA",
      "passphrase": ""
    },
    "settings": {
      "token": "85660c5e-8d3f-49a9-8aa5-d633eae9a6fc",
      "domain": "https://my.passbot.url",
      "workflow": "install",
      "armoredServerKey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n
(blah blah blah)-----END PGP PUBLIC KEY BLOCK-----\n"
    }
  }
}
I have checked (and fixed a few things) following the healthcheck.
Here is the current one:
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
---------------------------------------------------------------
Healthcheck shell
---------------------------------------------------------------
Environment
[PASS] PHP version 7.3.17.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[WARN] The passbolt config file is missing in /var/www/passbolt/config/
[HELP] Copy /var/www/passbolt/config/passbolt.php.default to /var/www/passbolt/config/passbolt.php
[HELP] The passbolt config file is not required if passbolt is configured with environment variables
Core config
[FAIL] Debug mode is on.
[HELP] Set debug = false; in config/passbolt.php
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://my.passbolt.url
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] cURL Error (60) SSL certificate problem: unable to get local issuer certificate
Database
[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg.
[PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (2.12.1).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
3 error(s) found. Hang in there!
Besides the SSL warnings, which I can’t explain and which I have seen dismissed in troubleshooting in other posts, I really don’t understand what can be wrong, and the error message doesn’t help much.
My last idea is regarding this warning at the end of the Docker Hub passbolt page:
rng-tools or haveged are required on host machine to speed up entropy generation on containers. This way gpg key creation on passbolt container will be faster.
I am not quite sure this could have anything to do with my problem, but since it deals with key generation I looked it up, and I can’t think of any way to add these packages either to the Docker image itself or to the Rancher/Kubernetes node hosting the workload.
Does any wizard feel like helping me out?
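
The SSL section of the healthcheck above reports three separate findings (peer certificate does not validate, hostname mismatch, self-signed). The following is an added example, not part of the original post or of passbolt's code: a small Python probe, run from inside the container, that repeats one fully verified TLS handshake and reports which OpenSSL verification code the server triggers. The hostname and the optional CA bundle path are passed on the command line and are assumptions of this sketch.

```python
import socket
import ssl
import sys

# OpenSSL X509 verification codes that map onto the healthcheck's SSL findings.
CAUSES = {
    10: "certificate has expired",
    18: "self-signed leaf certificate that is not in the trust store",
    19: "self-signed root in the chain that is not in the trust store",
    20: "issuer not found locally (private CA or missing intermediate)",
    21: "issuer of the leaf is unavailable (server sent only the leaf)",
    62: "hostname is not covered by the certificate's SAN/CN entries",
}


def explain(verify_code):
    """Translate an OpenSSL verify code into a short cause."""
    return CAUSES.get(verify_code, "unrecognised verify code %d" % verify_code)


def probe(host, port=443, cafile=None, timeout=5.0):
    """Run one verified TLS handshake and return (ok, code, detail).

    With cafile set, only that bundle is trusted, which shows whether
    adding a private CA to the container would make validation pass.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return (True, 0, "chain and hostname verified")
    except ssl.SSLCertVerificationError as exc:
        # Must be caught before OSError: it is a subclass of it.
        return (False, exc.verify_code, explain(exc.verify_code))
    except OSError as exc:
        return (False, -1, "connection or TLS error: %s" % exc)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [CA_BUNDLE.pem]")
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    ok, code, detail = probe(sys.argv[1], cafile=bundle)
    print("%s code=%d %s" % ("PASS" if ok else "FAIL", code, detail))
    sys.exit(0 if ok else 1)
```

Code 20 corresponds to the "unable to get local issuer certificate" text in the cURL error above; a run that fails without a bundle and passes with one points at the container's trust store rather than the server certificate.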