iOS - Failed to decrypt sign in response

Good afternoon,
I have set up a fresh install of Passbolt CE. I am running in a VM on proxmox with Ubuntu 22.04 LTS. I have it running in docker, and i have used the scripts provided on the website. I am running it in “HTTPS” mode in the docker config and I am reverse proxying it out with Nginx Proxy Manager and Lets Encrypt. I am using cloudflare for DNS and i am proxying through cloudflare. Overall my instance is working, I have Duo MFA enabled. My problem is when i try to set up the iOS app, I get “Failed to decrypt sign in response” I am unsure how to trouble shoot. Does anyone have any ideas? Below are the logs from the app:

Passbolt:
Device: iPhone iPhone
OS: 16.6
App: 1.14.2

[2023-06-18 19:23:17] Initializing the app…
[2023-06-18 19:23:17] …app initialization completed!
[2023-06-18 19:23:17] Verifying data integrity…
[2023-06-18 19:23:17] …data integrity verification finished
[2023-06-18 19:23:17] Fetching server configuration…
[2023-06-18 19:23:17] …server configuration fetching skipped!
[2023-06-18 19:23:17] [22EA566E-D279-4D20-B500-858F520B6FD1] HTTP GET /lookup
[2023-06-18 19:23:18] [22EA566E-D279-4D20-B500-858F520B6FD1] HTTP 200 /lookup
[2023-06-18 19:23:18] [1D4A759D-6D90-4D70-8763-7C68E2BD16ED] HTTP GET /img/avatar/user_medium.png
[2023-06-18 19:23:18] [1D4A759D-6D90-4D70-8763-7C68E2BD16ED] HTTP 200 /img/avatar/user_medium.png
[2023-06-18 19:23:25] Beginning authorization…
[2023-06-18 19:23:25] …creating new access token…
[2023-06-18 19:23:25] …fetching server public PGP key…
[2023-06-18 19:23:25] …fetching server public RSA key…
[2023-06-18 19:23:25] [204F4A8A-8577-44CE-86E2-0B598951285C] HTTP GET /auth/jwt/rsa.json
[2023-06-18 19:23:25] [E3D6F43E-B7F4-427C-BC2A-B0EF0FC33996] HTTP GET /auth/verify.json
[2023-06-18 19:23:25] [204F4A8A-8577-44CE-86E2-0B598951285C] HTTP 200 /auth/jwt/rsa.json
[2023-06-18 19:23:25] [E3D6F43E-B7F4-427C-BC2A-B0EF0FC33996] HTTP 200 /auth/verify.json
[2023-06-18 19:23:25] …verifying server public PGP key…
[2023-06-18 19:23:25] …preparing authorization challenge…
[2023-06-18 19:23:25] [524EA73E-2A1F-414C-B571-EA76256A20F1] HTTP POST /auth/jwt/login.json
[2023-06-18 19:23:26] [524EA73E-2A1F-414C-B571-EA76256A20F1] HTTP 200 /auth/jwt/login.json
[2023-06-18 19:23:26] Failed to decrypt sign in response
[2023-06-18 19:23:26] …authorization failed!
[2023-06-18 19:23:26] Failed to decrypt sign in response

Hi @bbisbee and welcome to the forum !

When everything seems to be configured properly but decryption still doesn’t work, it’s usually because of a problem of time synchronisation between both machines.

So, first, you need to make sure both the server and the smartphone are in time sync (even a few second shift is enough to block the decryption). The server might not run the needed service for that. So you could try on a terminal via SSH:

sudo systemctl start systemd-timesyncd

On your mobile phone you can follow the help page here if you don’t know how to proceed and set the time sync to automatic
Change the date and time on iPhone – Apple Support (UK).

Sorry ! I forgot about a bug we have on mobile at the moment.
Duo actually doesn’t work on mobile.
If you wish to sign-in via MFA on the mobile app, you will need to change the MFA option (OTP or Yubikey if you have).

Related Mention current lack of DUO support on mobile app by garrettboone · Pull Request #85 · passbolt/passbolt_help · GitHub

Y’all are awesome. Turning off Duo fixed it.