OTC Authenricator and Recovery Codes auth fails on active instance

Dear fellows, please help to identify the OTC auth issue with active working instance when OTC code and Recovery code not accepted while the password is correct

I found some answers but is seems not my case

Before I implemented 2FA Google Authenticator OTC for my account - everything work smoothly.
env keys N8N_MFA_ENABLED=false will not work for me

The only thing i’ve done after simple email:pass were stable is
docker volume prune
docker image prune -a

I’m not sure it may cause such issue.

ENV

DB_TYPE=postgresdb
DB_POSTGRESDB_HOST=srv-captain--pupsub-myhost-db
DB_POSTGRESDB_DATABASE=n8n
DB_POSTGRESDB_USER=n8n
DB_POSTGRESDB_PASSWORD={{mypgpass}}
GENERIC_TIMEZONE=UTC+04:00
TZ=UTC+04:00
NODE_ENV=productpupsubn
N8N_PROTOCOL=https
N8N_HOST=pupsub.myhost.com
N8N_DIAGNOSTICS_ENABLED=false
WEBHOOK_URL=https://pupsub.myhost.com
N8N_EDITOR_BASE_URL=https://pupsub.myhost.com
N8N_USER_MANAGEMENT_DISABLED=true
N8N_MFA_ENABLED=true
N8N_REINSTALL_MISSING_PACKAGES=false
N8N_ENCRYPTION_KEY={{mysecret}}

What is the error message (if any)?

my logs resulting after auth failures (caprover docker layer)

2024-03-25T03:13:04.844046044Z Error: error:1C800064:Provider routines::bad decrypt
2024-03-25T03:13:06.684010770Z Error: error:1C800064:Provider routines::bad decrypt
2024-03-25T09:34:21.664003534Z Error: error:1C800064:Provider routines::bad decrypt

Information on your n8n setup

  • n8n version: community Version: 1.31.1
  • Database (default: SQLite): PostgreSQL 16.2
  • n8n EXECUTIONS_PROCESS setting (default: own, main): default
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker caprover
  • Operating system: Centos 9

You have a mistake in the variable name

1 Like

Pardon, this is happen due to making mockup for the sake of posting of this question (autoraplaced)

I was hoping it would be easy :sweat_smile:

The error looks like there is an issue with decrypting the credentials. Is your n8n volume has been changed? Or the encryption key has been entered incorrectly?

Is your n8n volume has been changed?

I’m not sure, how it can be changed - if the system properly working and actively serving API requests and all the nodes are working properly.

Or the encryption key has been entered incorrectly?

What I have to say - the section N8N_ENCRYPTION_KEY={{mysecret}}
I created manually after I was denied accessing the dashboard and found this (following next log):

  1. 1st line whowing there is encryption key found
  2. last two lines - just the same denied reties with OTC Autneticator
2024-03-25T19:15:21.261643463Z No encryption key found - Auto-generated and saved to: /home/node/.n8n/config
2024-03-25T19:15:22.633288339Z Initializing n8n process
2024-03-25T19:15:22.972029514Z n8n ready on 0.0.0.0, port 5678
2024-03-25T19:15:23.457309390Z n8n detected that some packages are missing. For more information, visit https://docs.n8n.io/integrations/community-nodes/troubleshooting/
2024-03-25T19:15:23.457531257Z Attempting to reinstall missing packages
2024-03-25T19:15:49.660282022Z Packages reinstalled successfully. Resuming regular initialization.
2024-03-25T19:15:50.690386616Z Version: 1.31.1
2024-03-25T19:15:50.707840972Z ================================
2024-03-25T19:15:50.708149770Z Start Active Workflows:
2024-03-25T19:15:50.708189795Z ================================
2024-03-25T19:15:50.708712766Z - "Z-C-A" (ID: Q7***********3II)
2024-03-25T19:15:50.756861466Z => Started
2024-03-25T19:15:50.757197145Z - "Z-P-B" (ID: d9u**********5FH)
2024-03-25T19:15:50.761121560Z => Started
2024-03-25T19:15:50.773368266Z
2024-03-25T19:15:50.773409674Z Editor is now accessible via:
2024-03-25T19:15:50.773417168Z https://pupsub.myhost.com:5678/
2024-03-25T19:17:04.218414533Z Error: error:1C800064:Provider routines::bad decrypt
2024-03-25T19:17:05.579107870Z Error: error:1C800064:Provider routines::bad decrypt

The only issue — is Authentication.
As you may see - nodes acting properly.
And my email:pass is also valid.

But when I tried access with OTC it says - neah…

and the strange things happen if I remove this from .env

N8N_MFA_ENABLED=true
N8N_REINSTALL_MISSING_PACKAGES=false

I’ll get inability to launch active nodes, yet the same bad decrypt on reties to authenticate with OTC

2024-03-25T19:22:25.992388550Z No encryption key found - Auto-generated and saved to: /home/node/.n8n/config
2024-03-25T19:22:27.290172029Z Initializing n8n process
2024-03-25T19:22:27.640403982Z n8n ready on 0.0.0.0, port 5678
2024-03-25T19:22:28.100763839Z n8n detected that some packages are missing. For more information, visit https://docs.n8n.io/integrations/community-nodes/troubleshooting/
2024-03-25T19:22:29.102098797Z Version: 1.31.1
2024-03-25T19:22:29.108819915Z ================================
2024-03-25T19:22:29.108962141Z Start Active Workflows:
2024-03-25T19:22:29.109002246Z ================================
2024-03-25T19:22:29.109451078Z - "Z-C-A" (ID: Q7**********3II)
2024-03-25T19:22:29.114124958Z UnrecognizedNodeTypeError: Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks".
2024-03-25T19:22:29.114153342Z => ERROR: Workflow could not be activated on first try, keep on trying if not an auth issue
2024-03-25T19:22:29.114413880Z Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks".
2024-03-25T19:22:29.114941008Z Issue on initial workflow activation try of "Z-C-A" (ID: Q7**********3II) (startup)
2024-03-25T19:22:29.115744023Z - "Z-P-B" (ID: d9u*************FH)
2024-03-25T19:22:29.119398363Z UnrecognizedNodeTypeError: Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks".
2024-03-25T19:22:29.119423440Z => ERROR: Workflow could not be activated on first try, keep on trying if not an auth issue
2024-03-25T19:22:29.119428620Z Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks".
2024-03-25T19:22:29.119432537Z Issue on initial workflow activation try of "Z-P-B" (ID: d9u*************FH) (startup)
2024-03-25T19:22:29.119667418Z
2024-03-25T19:22:29.119690070Z Editor is now accessible via:
2024-03-25T19:22:29.119698997Z https://pupsub.myhost.com:5678/
2024-03-25T19:22:30.116972441Z Try to activate workflow "Z-C-A" (Q7**********3II)
2024-03-25T19:22:30.117026082Z - "Z-C-A" (ID: Q7**********3II)
2024-03-25T19:22:30.117606109Z UnrecognizedNodeTypeError: Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks".
2024-03-25T19:22:30.117961576Z -> Activation of workflow "Z-C-A" (Q7**********3II) did fail with error: "Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks"." | retry in 2 seconds
2024-03-25T19:22:30.118152793Z Try to activate workflow "Z-P-B" (d9u*************FH)
2024-03-25T19:22:30.118302784Z - "Z-P-B" (ID: d9u*************FH)
2024-03-25T19:22:30.118803343Z UnrecognizedNodeTypeError: Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks".
2024-03-25T19:22:30.118880227Z -> Activation of workflow "Z-P-B" (d9u*************FH) did fail with error: "Unrecognized node type: @formbricks/n8n-nodes-formbricks.formbricks"." | retry in 2 seconds
2024-03-25T19:22:32.121319069Z Try to activate workflow "Z-C-A" (Q7**********3II)
2024-03-25T19:26:55.271548459Z Error: error:1C800064:Provider routines::bad decrypt
2024-03-25T19:26:58.584731382Z Error: error:1C800064:Provider routines::bad decrypt

Did anyone can help? Still can’t access the dashboard… ((

Did you by any chance change the TZ environment variable after setting up MFA?

I didn’t added it initially, but I remember I tried to play with that vars, to change.
Because I found somewhere so it may help.
But the issue caused before I made my first move with change of TZ (I hope I right saying this).

What I do now - will try to guess which TZ it was before I made it such +4
Can you say please, what the initial state of TZ KEY:VALUE ?
May be it was empty or was not ?

I get my server UTC

image

I tested ENV with this settings

TZ=UTC+00:00  # as I understand just to be sure, I set it in ENV
GENERIC_TIMEZONE=UTC-06:00 # tried guessing with restarts -05:00 to +06:00 (11 tests)

no one work for me, same error

2024-04-08T13:16:53.642943097Z Error: error:1C800064:Provider routines::bad decrypt

I found: Time zones do not affect Google Authenticator’s mechanism, as it uses the Unix coordinated universal time (UTC) timestamp internally.

So, it seems something right on the server.

In that case, the only other possibility is that N8N_ENCRYPTION_KEY was changed at some point.
The fact that the logs keep saying No encryption key found - Auto-generated and saved, I think somehow the env variable is not getting set on the container, and the container is using a new random key at every startup.
Do you not have a volume configured to mount to /home/node/.n8n ?

Thanks for pointing out this.
I generated own N8N_ENCRYPTION_KEY={{mysecret}} as mentioned above, because I cant understand how to read that one which is generated on the server… To keep it stored.

nope, I have this
— how to do that, you mentioned, and what it is doing?

I just didn’t figured out how to access volume to read the files in docker over the caprover.