PHP Fatal error: You must enable the mbstring extension to use Passbolt

I did the installation from this page (https://www.howtoforge.com/tutorial/how-to-install-passbolt-self-hosted-password-manager-on-centos-7/), but when I ran the passbolt installation (./bin/cake passbolt install), I got this error message;

PHP Warning: Module ‘gnupg’ already loaded in Unknown on line 0
PHP Fatal error: You must enable the mbstring extension to use Passbolt. in /var/www/passbolt/config/requirements.php on line 27

I already have the extension installed;
#pecl/gnupg is already installed and is the same as the released version 1.5.1

Im reading a similar case here on the forum, I added this line in php.ini file; “extension=gnupg.so”.

When I ran > php -i | grep gnupg

PHP Warning: Module ‘gnupg’ already loaded in Unknown on line 0
/etc/php.d/gnupg.ini
gnupg
gnupg support => enabled

Sorry for the text size, but could anyone help me? my PHP version is 7.4 and CentOS7

Hi @Renato Welcome to the forum! The php error referring to gnupg is saying it is already loaded so maybe the line is now listed twice. The mbstring module also needs to be enabled.

Hi @Renato,

This guide is outdated, I would advice to start over and use the centos 7 RPM package that is way more convenient to use: Passbolt Help | Install Passbolt CE on CentOS 7

Best,
Max

Hi guys, thanks for the quick response. I’ve already managed to fix these PHP errors possibly, but when I try to log in after the installation is complete, I’m getting this error message:

Sorry, you have not been signed in.
Something went wrong, the sign in failed with the following error:
An internal error occurred. The server response could not be parsed. Please contact your administrator.

I ran the healthcheck and this is the result;

Environment

[PASS] PHP version 7.4.28.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://srv-app03.mydomain.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate

Database

[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

Application configuration

[PASS] Using latest passbolt version (3.5.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

[PASS] No error found. Nice one sparky!


[root@srv-app03 ~]# tail -f /var/log/nginx/error.log
2022/02/25 13:56:01 [error] 1881#1881: *1 FastCGI sent in stderr: “PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 131PHP message: PHP Warning: file_put_contents(/var/www/passbolt/logs/error.log): failed to open stream: Permission denied in /var/www/passbolt/vendor/cakephp/cakephp/src/Log/Engine/FileLog.php on line 131” while reading response header from upstream, client: 10.120.1.23, server: srv-app03.mydomain.com, request: “GET / HTTP/1.1”, upstream: “fastcgi://unix:/var/run/php-fpm/php-fpm.sock:”, host: “srv-app03.mydomain.com
2022/02/25 13:56:02

@Renato It seems the permissions on /var/log/passbolt/logs/error.log do not permit the webserver user to write the errors. Make sure they directory and file is owned by the webserver user and that the file has write permissions.

@garrett I started following the installation link that Max sent here, but I can’t move forward.

100%[===================================================================================================================================================================================================>] 4,807 --.-K/s in 0s

2022-02-25 15:01:59 (48.9 MB/s) - ‘passbolt-repo-setup.ce.sh’ saved [4807/4807]

[root@srv-app03 ~]# [ “$(sha256sum passbolt-repo-setup.ce.sh | awk ‘{print $1}’)” = “84a7ecf5d42a729f6e015de72f9aef1fabbae13e133ff802491bb9d18950d1d6” ] && sudo bash ./passbolt-repo-setup.ce.sh || echo “Bad checksum. Aborting” && rm -f passbolt-repo-setup.ce.sh
base | 3.6 kB 00:00:00 epel/x86_64/metalink | 36 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 remi-php73 | 3.0 kB 00:00:00 remi-php74 | 3.0 kB 00:00:00 remi-safe | 3.0 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/10): base/7/x86_64/group_gz | 153 kB 00:00:00 (2/10): extras/7/x86_64/primary_db | 243 kB 00:00:00 (3/10): remi-php73/primary_db | 254 kB 00:00:01 (4/10): epel/x86_64/group_gz | 96 kB 00:00:01 (5/10): remi-php74/primary_db | 254 kB 00:00:00 (6/10): base/7/x86_64/primary_db | 6.1 MB 00:00:05 (7/10): epel/x86_64/primary_db | 7.0 MB 00:00:08 (8/10): updates/7/x86_64/primary_db | 14 MB 00:00:13 (9/10): remi-safe/primary_db | 2.1 MB 00:00:22 (10/10): epel/x86_64/updateinfo | 1.0 MB 00:00:24
Package epel-release-7-14.noarch already installed and latest version
Nothing to do
remi-release-7.rpm
Examining /var/tmp/yum-root-bYTaYc/remi-release-7.rpm: remi-release-7.9-3.el7.remi.noarch
/var/tmp/yum-root-bYTaYc/remi-release-7.rpm: does not update installed package.
Error: Nothing to do
Bad checksum. Aborting
[root@srv-app03 ~]# sudo yum install passbolt-ce-server
No package passbolt-ce-server available.
Error: Nothing to do
[root@srv-app03 ~]#

It seems to be reporting a bad checksum. Someone on the team will need to verify this.

GitHub - passbolt/passbolt-dep-scripts It appears the script was updated - possibly the hash did not get updated. @_jc can you confirm?

@garrett The checksum is correct the issue is something else that makes the script exit with an error displaying “bad checksum”, but the error is in the passbolt-repo-setup.ce.sh script (you can see it running in the console).

I just tried to install on a vanilla centos 7 and it worked. I’m not sure what is wrong with the setup in thread, I suggest trying again from scratch on a clean machine. If that still doesn’t work it might be an issue with the network.

Gentlemen, I did the installation from a new machine, it ran without errors.
But when I try to access via brownser to continue the configuration, I get the error 502 BAD GATEWAY.

tail -f /var/log/nginx/error.log
2022/03/02 11:39:37 [crit] 2467#2467: *8 connect() to unix:/run/php-fpm/www.sock failed (2: No such file or directory) while connecting to upstream, client: 10.120.1.18, server: myserver.com, request: “GET / HTTP/1.1”, upstream: “fastcgi://unix:/run/php-fpm/www.sock:”, host: “myserver.com

even following the script is still something missing to install?

Hi @Renato ,

It seems the php-fpm service is not running.

Can you check with: sudo systemctl status php-fpm.service ?

You should have a message like this one:

$ sudo systemctl status php-fpm.service
● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2022-03-02 15:05:19 UTC; 5min ago
 Main PID: 4444 (php-fpm)
   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
   CGroup: /system.slice/php-fpm.service
           ├─4444 php-fpm: master process (/etc/php-fpm.conf)
           ├─4445 php-fpm: pool www
           └─4446 php-fpm: pool www

Mar 02 15:05:19 centos7 systemd[1]: Starting The PHP FastCGI Process Manager...
Mar 02 15:05:19 centos7 systemd[1]: Started The PHP FastCGI Process Manager.

If stopped, can you start it: sudo systemctl restart php-fpm.service ?

I assume you installed our package on CentOS 7. Can you also give us the full output of the healthcheck command:

sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

Best regards,

hi _jc,

thanks for your help again, follow the prompts.

sudo systemctl status php-fpm.service
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2022-03-02 12:17:20 -03; 1min 7s ago
Main PID: 6861 (php-fpm)
Status: “Processes active: 0, idle: 5, Requests: 3, slow: 0, Traffic: 0req/sec”
CGroup: /system.slice/php-fpm.service
├─6861 php-fpm: master process (/etc/php-fpm.conf)
├─6862 php-fpm: pool www
├─6863 php-fpm: pool www
├─6864 php-fpm: pool www
├─6865 php-fpm: pool www
└─6866 php-fpm: pool www

 ____                  __          ____
/ __ \____  _____ ____/ /_  ____  / / /_

/ // / __ `/ / / __ / __ / / _/
/ / // ( |
) /
/ / /
/ / / /
/
/ _
,
/
//./_//__/

Open source password manager for teams

Healthcheck shell…Notice Error: Undefined index: message
In [/usr/share/php/passbolt/src/Utility/Healthchecks/DatabaseHealthchecks.php, line 72]

2022-03-02 15:19:58 Notice: Notice (8): Undefined index: message in [/usr/share/php/passbolt/src/Utility/Healthchecks/DatabaseHealthchecks.php, line 72]
Exception: Connection to Mysql could not be established: SQLSTATE[HY000] [2002] No such file or directory
In [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php, line 140]

Did you followed our installation guide until the end: Passbolt Help | Install Passbolt CE on CentOS 7 ?

Was the passbolt-configure script successful ? It appears you have no passbolt database configured.

According to your php-fpm.service status, the php-fpm service is disabled:

Mine is enabled:

The “enable” status of php-fpm service is done by passbolt-configure script.

Cheers,

Yes, I followed exactly what is in that link, I finished the installation without errors, and I would start step 2 (Configure passbolt)
Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt can be reached. You will reach the getting started page.

But, when I try to access hostname/ip, I got BAD GATEWAY

INSTALLATION LOG;

[root@srv-app03 ~]# sudo /usr/local/bin/passbolt-configure
================================================================
           ____                  __          ____
          / __ \____  _____ ____/ /_  ____  / / /_
         / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
        / ____/ /_/ (__  |__  ) /_/ / /_/ / / /_
       /_/    \__,_/____/____/_,___/\____/_/\__/

      The open source password manager for teams
      (c) 2020 Passbolt SA
      https://www.passbolt.com
================================================================
==============================================================
Do you want to install a local mariadb server on this machine?
==============================================================
1) yes
2) no
#? 1
=======================================================
Please enter a new password for the root database user:
=======================================================
MariaDB Root Password:
MariaDB Root Password (verify):
======================================================
Please enter a name for the passbolt database username
======================================================
Passbolt database user name:passbolt
=======================================================
Please enter a new password for the mysql passbolt user
=======================================================
MariaDB passbolt user password:
MariaDB passbolt user password (verify):
==============================================
Please enter a name for the passbolt database:
==============================================
Passbolt database name:passbolt
================================================================================
On virtualized environments GnuPG happen to find not enough entropy
    to generate a key. Therefore, Passbolt will not run properly.
    Do you want to install Haveged to speed up the entropy generation on
    your system? Please check https://help.passbolt.com/faq/hosting/why-haveged-
virtual-env
================================================================================
1) yes
2) no
#? 1
================================================================================
Setting hostname...
    Please enter the domain name under which passbolt will run.
    Note this hostname will be used as server_name for nginx
    and as the domain name to register a SSL certificate with
    let's encrypt.
    If you don't have a domain name and you do not plan to use
    let's encrypt please enter the ip address to access this machine
================================================================================
Hostname:mydomain.com.br
================================================================================
Setting up SSL...
    Do you want to setup a SSL certificate and enable HTTPS now?
    - manual: Prompts for the path of user uploaded ssl certificates and set up
nginx
    - auto:   Will issue a free SSL certificate with https://www.letsencrypt.org
 and set up nginx
    - none:   Do not setup HTTPS at all
================================================================================
1) manual
2) auto
3) none
#? 1
Enter the path to the SSL certificate: /etc/ssl/certificado.crt
=====================================================
Please introduce a valid path to your ssl certificate
=====================================================
Enter the path to the SSL certificate: /etc/letsencrypt/certificado.crt
Enter the path to the SSL privkey: /etc/letsencrypt/mydomain.com.br.key
=============================
Installing os dependencies...
=============================
===================
Setting up nginx...
===================

Thanks for the details, I guess there was an error while running the passbolt-configure script.

Do you still have this error in nginx error logs, even with php-fpm service up and running ?

2022/03/02 11:39:37 [crit] 2467#2467: *8 connect() to unix:/run/php-fpm/www.sock failed (2: No such file or directory) while connecting to upstream, client: 10.120.1.18, server: myserver.com, request: “GET / HTTP/1.1”, upstream: “fastcgi://unix:/run/php-fpm/www.sock:”, host: “myserver.com”

Regarding this part:

I noticed you have selected manual SSL certificate configuration. These letsencrypt certificates have been generated on another machine ? I ask this because if your server is reachable from the internet on port 80, you can select the auto method to get let’s encrypt certificate automatically generated.

Do you have the end of the script output ? The mariadb and firewall parts are missing.

The script should end with:

================================================================================
Installation is almost complete. Please point your browser to
  https://mydomain.com.br to complete the process
================================================================================

Best,

Yes, I’m still getting the same error. Php-form is now enabled and running.

I don’t have this part of the installation log, mine ended up right there where I copied it up here
I thought I would configure the mariadb and firewall in the wizard through the brownser.

About SSL, I have my own certificate and I put it later in the nginx.conf file, but now I only leave port 80 to not have more complications.

any ideas what i can still do?

I saw here because the script stopped on nginx…it is not able to enable nginx in the installation script because it tries to set ipv6 to listen on port 80, but my server is not ipv6 enabled, so it stops the nginx install script

Setting up nginx…

Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx.service” and “journalctl -xe” for details.
[root@srv-app03 ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2022-03-02 14:57:45 -03; 6s ago
Process: 4988 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 4986 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 4560 (code=exited, status=0/SUCCESS)

Mar 02 14:57:45 srv-app03 systemd[1]: Stopped The nginx HTTP and reverse proxy server.
Mar 02 14:57:45 srv-app03 systemd[1]: Starting The nginx HTTP and reverse proxy server…
Mar 02 14:57:45 srv-app03 nginx[4988]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 02 14:57:45 srv-app03 nginx[4988]: nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
Mar 02 14:57:45 srv-app03 nginx[4988]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 02 14:57:45 srv-app03 systemd[1]: nginx.service: control process exited, code=exited status=1
Mar 02 14:57:45 srv-app03 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Mar 02 14:57:45 srv-app03 systemd[1]: Unit nginx.service entered failed state.
Mar 02 14:57:45 srv-app03 systemd[1]: nginx.service failed.

@Renato You could change /etc/nginx/nginx.conf so it is just listen 80 instead of listen [::]:80. Then service nginx reload.

Hi @garrett,

I already did that, the problem is that I run sudo /usr/local/bin/passbolt-configure, the installation stops on nginx with the following error;

Setting up nginx…

Job for nginx.service failed because the control process exited with error code. See “systemctl status nginx.service” and “journalctl -xe” for details.

[root@srv-app03 ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2022-03-02 17:16:25 -03; 8min ago
Process: 1978 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 1976 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Mar 02 17:16:25 srv-app03 systemd[1]: Starting The nginx HTTP and reverse proxy server…
Mar 02 17:16:25 srv-app03 nginx[1978]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Mar 02 17:16:25 srv-app03 nginx[1978]: nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
Mar 02 17:16:25 srv-app03 nginx[1978]: nginx: configuration file /etc/nginx/nginx.conf test failed
Mar 02 17:16:25 srv-app03 systemd[1]: nginx.service: control process exited, code=exited status=1
Mar 02 17:16:25 srv-app03 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Mar 02 17:16:25 srv-app03 systemd[1]: Unit nginx.service entered failed state.
Mar 02 17:16:25 srv-app03 systemd[1]: nginx.service failed.

If I change the nginx.conf to not listen on port [::]:80, when I run the installation script, again it sets this port in nginx.conf automatically, understand?