Today i tried logging in to vaultwarden, it asked me for my 2fa code and upon putting it in, it told me totp code was invalid or similar. I went to check the admin page > diagnostics and it tells me my browser time is slightly off from my server time, which what I think is the reason its not working. Even after I found some posts about this I couldnt solve this properly.
First screenshot is the diagnostics page, second one is my servers timedatectl:
I dont rlly know what I can do right now so I appreciate any help that I can receive. Thanks for reading
As I am a new user, here the second image with my servers time using timedatectl:
If the server time is correct (which I’ll assume it is, as timedatectl says NTP service: active ) your Browser time (i.e. your client’s operating systems time) is lagging behind by almost 1,5 minutes. So you’ll have to correct your device’s time (e.g. by synchronizing it with the network).
Tip: You can check how much your device’s clock is off by going to sites like https://www.time.gov/ or https://uhr.ptb.de/
As to how to set the time: it depends on your operating system. E.g. in most modern Linux distributions you can simply run sudo timedatectl set-ntp true (but I’d recommend also reading the Arch Wiki page on system time anyway as the hwclock maybe skewed).
The server time is correct and the browser time is off, yes. But it happens across multiple browsers and devices, thats why I had a hard time. Once I am back I will try out the command although I feel like I already tried it, thanks for trying to help tho.
I am gonna double check later if my server time isnt the one being off, although i think that one was right
But seeing this happen on all my devices, it might be my server time being off. I will dig deeper into that later
You should be able to check with one of the two sites which clock is off. Just because timedatectl says the NTP service is set to active does not mean it actually is correct.
it was my server being off by ~1 minute, I ended up fixing it and now vaultwarden gives me a green OK, thanks for helping me out on that one
I forgot to tell how I was fixing it for people having the same issue. I was able to fix it by using chrony. Since i wasnt having chrony installed initially, i installed it with “sudo apt install chrony”. If the time doesnt sync properly then, deactivating timedatectl and restarting it by first doing “sudo timedatectl set-ntp no”, then “sudo systemctl enable --now chrony” should help.
I dont know if there is a better way to do this, but this is what I found and as long as it works for me, its enough.
2 Likes
