Looks like my Passbolt is really screwed up 
this is what I pulled from the health check and the nginx log.
/ __ \____ _____ ____/ /_ ____ / / /_
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/
Open source password manager for teams
Healthcheck shell
Environment
[PASS] PHP version 7.2.10.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://xxx
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] cURL Error (60) Peer’s Certificate issuer is not recognized.
Database
[PASS] The application is able to connect to the database
[PASS] 23 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (2.11.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
2 error(s) found. Hang in there!
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 133
PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vend
2019/10/15 21:50:44 [error] 2300#0: *9 upstream sent too big header while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: , request: “POST /auth/login.json?api-version=v1 HTTP/1.1”, upstream: “fastcgi://127.0.0.1:9000”, host: “”