GitLab Login Error: ERROR for site owner: Invalid domain for site key (reCAPTCHA)

Hello Friends:

  • Version: gitlab-ce-13.5.4-ce.0.el7.x86_64 (Fedora / CentOS RPM)
  • Error: ERROR for site owner: Invalid domain for site key (reCAPTCHA)

I’ve been running my instance for months and never experienced this error when trying to log into the GitLab UI.

I’m locked out of the UI, even as administrator, because reCAPTCHA indicates an invalid site key (… and therefore no longer renders the expected reCAPTCHA checkbox). A solution would need to be via the Command Line / CLI; e.g. /etc/gitlab/gitlab.rb or gitlab-ctl or something else.

Not that I tried this option (shown here), but it’s not being respected:

root# vi /etc/gitlab/gitlab.rb
    nginx['proxy_set_headers'] = { 'X-GitLab-Show-Login-Captcha' => '0' }
root# gitlab-ctl reconfigure
root# gitlab-ctl stop
root# gitlab-ctl start

Any ideas? I’m stuck. Please help. Thank you in advance!

NOTE: I marked this as a solution, but it is only so if you have a PERSONAL-ACCESS-TOKEN (i.e. ReST API TOKEN) for your GitLab instance, with Admin privileges.

My above issue emanated from my changing the domain from gitlab.example1.com to gitlab.example2.com, and forgetting to generate Google reCAPTCHA keys for the new domain, and subsequently not updating them in GitLab (or at least adding the new domain to the existing reCAPTCHA entry at Google).

That said, my above reconfiguration of /etc/gitlab/gitlab.rb did not help me regain access to the UI (i.e. to circumvent being locked out), which is problematic!

Fortunately, I was able to gain access via my having previously generated and saved a GitLab ReST API - PERSONAL ACCESS TOKEN (with All Scopes / Full Admin privileges). Using that, I updated the reCAPTCHA keys via the CLI as follows:

user$ curl --request PUT --header \
       "PRIVATE-TOKEN: <PersonalAccessToken>" \
       "https://gitlab.example.com/api/v4/application/settings?recaptcha_private_key=<SecretKey>&recaptcha_site_key=<SiteKey>"

If not for that, I’d be permanently locked out.

There should be a /etc/gitlab/gitlab.rb setting that works to disable reCAPTCHA checks for both sign-ups and for login attempts.

BTW: A separate possibility for lockout is if an Administrator doesn’t enter v2 reCAPTCHA keys but rather v3 reCAPTCHA keys; which I understand is not (as of this writing) supported.

I hope this helps others. :blush: