2FA error Provider routines::bad decrypt

AdriKant · November 13, 2024, 10:02pm

Describe the problem/error/question

I have migrated N8N from a server to another by:

exporting / importing credentials and workflows
copying the encryption key used in old server to the new one

Everything works fine (credentials are active and workflows run) but I am not able to enable the 2FA again.
I.e. I can see the QR code but my Google Authenticator app does not scan it.

What is the error message (if any)?

Could not check if an api key already exists.

error:1C800064:Provider routines::bad decrypt

Information on your n8n setup

n8n version: 1.67.1
Database (default: SQLite): postgres
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system: ubuntu

Jon · November 14, 2024, 12:11am

Hey @AdriKant

Did you copy anything else when moving servers? When you moved the encryption key did you just copy the config file or did you set the env option?

What happens if you disable 2FA, stop n8n, start n8n (not a restart but a stop and start) and try setting it up again?

Was the old server using the same Postgres database?

AdriKant · November 14, 2024, 6:27am

Hey @Jon
thanks for replying

I have not copied anything else when moving to new instance in new server

This is the precise sequence I followed to deal with the encryption key:

copied the key from the old config file
entered as environment variable and in the docker compose file
I have tried to restart (actually I do not recall if stop and start or restart) the container and the updated key was not considered
So I deleted the config file - restarted and the key was properly updated

Then imported credentials and workflows and started working normally.

The 2FA is not enabled now. I have tried to stop and start again but the error is still there, and if I try to enable it I get a QR code that does not seem valid for Google Authenticator.
If I press ‘this text code’ , in theory the code is copied to clipboard, but the clipboard is empty.

The old server was using Sqlite (and a version of N8N of 6 months ago), I am using Postgres only in the new server.

The new instance is installed with Coolify. 2FA was working on it before the activities I did yesterday:

update to latest image
forced update of the encryption key
import credentials and workflows

AdriKant · November 19, 2024, 12:33pm

Hi
at the end I have just redone the process on a fresh instance and it worked fine.

system · November 26, 2024, 12:34pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.