After upgrading Ghost to version 5.118.0 I cannot log in to Ghost admin.
Probably this is because I used the toggle for MFA. My Ghost doesn’t use any email collecting features, newsletters. It’s just a blog with a single post so far. It doesn’t allow me in where I logged out and tried logging in again. However I have other browsers where I am still logged in and there I can still use admin panel. However once logged out I would not be able to log back in.
When I cannot log in it only shows a red bar at the top saying “There was a problem on the server”.
For that to work, you’ll need to set up configuration for transactional email sending – that is separate from newsletter setup with Mailgun:
Once you’ve done that, you’ll receive the tokens to log in.
As an alternative – though I have not tested that – you could downgrade to a previous version of Ghost, that does not implement the device verification.
Would it really solve my problem, as currently I have 2FA turned off and the issue occurs even without prompting me for any code or stuff like that?
There is this bar about server issue at the top just at the step of putting email and password to login.
That slider affects (when I asked a couple weeks ago) whether 2FA requirements happen on every login, or just first logins from devices. It doesn’t actually turn 2FA off entirely.
Your Ghost logs may be in (ghost directory)/content/logs. It depends a bit on server configuration, but I’d start there.
Setting up outbound email can be pretty easy. You can set up Mailgun in config.production.json. If you’re going to use Mailgun SMTP (which is what the docs show), you’ll need port 2525 on Digital Ocean - they’ve got more common ports blocked. Or you can use the Mailgun API for transactional email also – see here: Missing documentation for mail config options – Mailgun API support. If you’ve already got a Mailgun account, it should be a 10 minute job.
This is what ghost log -f outputs from the moment of ghost restart to trying to log in as admin:
[2025-04-28 00:29:55] INFO Your site is now available on https://piotrowskiadam.pl/
[2025-04-28 00:29:55] INFO Ctrl+C to shut down
[2025-04-28 00:29:55] INFO Ghost server started in 0.454s
[2025-04-28 00:29:55] INFO Bootstrap client was closed.
[2025-04-28 00:29:55] INFO Database is in a ready state.
[2025-04-28 00:29:55] INFO Ghost database ready in 0.724s
[2025-04-28 00:29:55] WARN Missing mail.from config, falling back to a generated email address. Please update your config file and set a valid from address
[2025-04-28 00:29:56] INFO Invalidating assets for regeneration
[2025-04-28 00:29:57] INFO Adding offloaded job to the inline job queue
[2025-04-28 00:29:57] INFO Scheduling job mentions-email-report at 45 11 * * * *. Next run on: Mon Apr 28 2025 01:11:45 GMT+0000 (Coordinated Universal Time)
[2025-04-28 00:29:57] INFO Adding offloaded job to the inline job queue
[2025-04-28 00:29:57] INFO Scheduling job clean-expired-comped at 52 17 4 * * *. Next run on: Mon Apr 28 2025 04:17:52 GMT+0000 (Coordinated Universal Time)
[2025-04-28 00:29:57] INFO Adding offloaded job to the inline job queue
[2025-04-28 00:29:57] INFO Scheduling job clean-tokens at 59 0 4 * * *. Next run on: Mon Apr 28 2025 04:00:59 GMT+0000 (Coordinated Universal Time)
[2025-04-28 00:29:57] INFO URL Service ready in 1382ms
[2025-04-28 00:29:57] INFO Ghost booted in 2.69s
[2025-04-28 00:29:57] INFO Adding offloaded job to the inline job queue
[2025-04-28 00:29:57] INFO Scheduling job update-check at 32 12 13 * * *. Next run on: Mon Apr 28 2025 13:12:32 GMT+0000 (Coordinated Universal Time)
[2025-04-28 00:29:57] INFO Running milestone emails job on Mon Apr 28 2025 00:29:57 GMT+0000 (Coordinated Universal Time)
[2025-04-28 00:29:57] INFO Bootstrap client was closed.
[2025-04-28 00:30:24] INFO "GET /ghost/" 200 240ms
[2025-04-28 00:30:24] INFO "GET /robots.txt?1745800224948" 200 5ms
[2025-04-28 00:30:24] INFO "GET /ghost/assets/chunk.524.9c1e444ecff073f053f5.js" 200 4ms
[2025-04-28 00:30:28] ERROR "GET /ghost/api/admin/users/me/?include=roles" 403 330ms
NAME: NoPermissionError
MESSAGE: Authorization failed
level: normal
"Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication."
NoPermissionError: Authorization failed
at authorizeAdminApi (/var/www/ghost/versions/5.118.1/core/server/services/auth/authorize.js:33:25)
at Layer.handle [as handle_request] (/var/www/ghost/versions/5.118.1/node_modules/express/lib/router/layer.js:95:5)
at next (/var/www/ghost/versions/5.118.1/node_modules/express/lib/router/route.js:149:13)
at authenticate (/var/www/ghost/versions/5.118.1/core/server/services/auth/session/middleware.js:55:13)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[2025-04-28 00:30:28] INFO "GET /ghost/api/admin/site/" 200 6ms
[2025-04-28 00:30:28] ERROR "GET /ghost/api/admin/users/me/?include=roles" 403 4ms
NAME: NoPermissionError
MESSAGE: Authorization failed
level: normal
"Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication."
NoPermissionError: Authorization failed
at authorizeAdminApi (/var/www/ghost/versions/5.118.1/core/server/services/auth/authorize.js:33:25)
at Layer.handle [as handle_request] (/var/www/ghost/versions/5.118.1/node_modules/express/lib/router/layer.js:95:5)
at next (/var/www/ghost/versions/5.118.1/node_modules/express/lib/router/route.js:149:13)
at authenticate (/var/www/ghost/versions/5.118.1/core/server/services/auth/session/middleware.js:55:13)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[2025-04-28 00:30:28] INFO "GET /ghost/api/admin/site/" 200 3ms
[2025-04-28 00:30:28] INFO "GET /ghost/api/admin/authentication/setup/" 200 18ms
[2025-04-28 00:30:34] WARN Missing mail.from config, falling back to a generated email address. Please update your config file and set a valid from address
[2025-04-28 00:30:34] WARN Missing mail.from config, falling back to a generated email address. Please update your config file and set a valid from address
[2025-04-28 00:31:34] INFO "POST /ghost/api/admin/session" 200 60002ms
What I read from it is that I don’t have email setup in some file? Would it work to just define it there without setting up a mailgun service? I guess if that would be obligatory now on newer versions of ghost, I will set it up eventually.
From version 5.118, you need to have transactional email set up so that you can deliver a verification code for admin. It doesn’t have to be mailgun, but you do need /something/ set up for transactional email, which is done in config.production.json.
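As an added example (not part of the thread and not Ghost's own code), this sketch triages a Ghost log excerpt and the `mail` block of config.production.json for the symptoms discussed above. The function names, the 30-second threshold, and the sample values are assumptions; the log lines are constructed from the ones posted.

```javascript
// Added example: triage a Ghost log excerpt and a mail config for the
// staff-login failure discussed in this thread. Sample data is constructed.

const SLOW_MS = 30000; // assumption: a login POST this slow suggests a mail send timing out

function triageLog(text) {
  const findings = { missingMailFrom: 0, slowSessionPosts: [], adminAuth403: 0 };
  for (const line of text.split('\n')) {
    if (line.includes('Missing mail.from config')) findings.missingMailFrom++;
    const req = line.match(/"(GET|POST) (\S+)" (\d{3}) (\d+)ms/);
    if (!req) continue;
    const [, method, path, status, ms] = req;
    if (method === 'POST' && path.startsWith('/ghost/api/admin/session') && Number(ms) >= SLOW_MS) {
      findings.slowSessionPosts.push(Number(ms));
    }
    if (status === '403' && path.startsWith('/ghost/api/admin/')) findings.adminAuth403++;
  }
  return findings;
}

// Checks only that the keys needed for transactional email are present.
function checkMailConfig(config) {
  const problems = [];
  const mail = (config && config.mail) || {};
  if (!mail.transport) problems.push('mail.transport is not set');
  if (!mail.from) problems.push('mail.from is not set');
  if (mail.transport === 'SMTP') {
    const opts = mail.options || {};
    if (!opts.host && !opts.service) problems.push('mail.options needs host or service');
    if (!opts.auth || !opts.auth.user || !opts.auth.pass) problems.push('mail.options.auth.user/pass missing');
  }
  return problems;
}

// Constructed sample, modelled on the log lines posted above.
const sampleLog = [
  '[2025-04-28 00:30:28] ERROR "GET /ghost/api/admin/users/me/?include=roles" 403 330ms',
  '[2025-04-28 00:30:34] WARN Missing mail.from config, falling back to a generated email address.',
  '[2025-04-28 00:31:34] INFO "POST /ghost/api/admin/session" 200 60002ms',
].join('\n');

// Constructed config with placeholder values; port 2525 as suggested in the thread.
const sampleConfig = { mail: { transport: 'SMTP', from: 'noreply@example.com',
  options: { host: 'smtp.example.com', port: 2525, auth: { user: 'USER', pass: 'PASS' } } } };

console.log(triageLog(sampleLog));
console.log(checkMailConfig({}), checkMailConfig(sampleConfig));
```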
Thanks, I managed to turn off double verification via email. However, if I would like to use outlook.com mail to receive my temporary codes would it be possible? (I don’t use anywhere the email address based on this domain website and I don’t plan to use newsletter features of ghost.)
I noticed you wrote in this other thread: "It’s possible to send those messages via an existing email provider — you don’t have to set up a whole mail server! :) "
What would I put as service in such case? And for user and password, I would put which credentials (to outlook.com service or my admin into ghost credentials)?
Or am I getting it completely wrong, and I should just create this Mailgun service?