Balena login unauthorized

I’m having a lot of trouble just getting through the ‘getting started’ tutorial of open-balena. After spening multiple evenings regardings this problem I guess it’s time for help.

I’m executing balena login and keep getting ‘unauthorized’ error when I enter my credentials.
I tried all of the ‘ideas’ and ‘solutions’ from the following topic: BalenaRequestError: Request error: Unauthorized

Things I’ve tried:

  • Reinstalled open-balena multiple times (even with fresh ubuntu)
  • Deleted config and executing ‘quickstart’-script again
  • Tried messing with the password
  • Deleting haproxy and cert-provider images

I am executing the balena commands with powershell. When I use default commandprompt I get the `SELF_SIGNED_CERTIFICATE’ error which is weird. You would expect to get the same unauthorized error right?

Anyone any ideas?

Hi there @gerb0n and welcome to the forums. Thanks for trying openBalena!

Could you confirm that when you execute balena login that the correct hostname is showing up for your instance? When the ascii art ‘balena’ logo appears, underneath that it should say logging into <your hostname>.

Hi @chrisys. Yes the correct hostname is showing up. I configured it inside the _balenarc.yml.

Also when I shutdown my containers with /scripts/compose down and I try to login I get a ‘connection refused’ which tells me that part of the configuration is correct.

@gerb0n OK, great. In that case can you post the full output of the command when you run balena login using the default command prompt; the one that talks about self signed certificates? Hopefully that will give us more information to work with.

@chrisys It’s not talking about self signed certificates anymore. They both are now giving unauthorized errors so atleast I have some consistency.

BalenaRequestError: Request error: Unauthorized
at C:\Program Files\balena-cli\client\node_modules\balena-request\build\request.js:197:17
at tryCatcher (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\util.js:16:23)
at Promise._settlePromiseFromHandler (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\promise.js:517:31)
at Promise._settlePromise (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\promise.js:574:18)
at Promise._settlePromise0 (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\promise.js:619:10)
at Promise._settlePromises (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\promise.js:699:18)
at _drainQueueStep (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\async.js:138:12)
at _drainQueue (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\async.js:131:9)
at Async._drainQueues (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\async.js:147:5)
at Immediate.Async.drainQueues (C:\Program Files\balena-cli\client\node_modules\bluebird\js\release\async.js:17:14)
at runCallback (timers.js:810:20)
at tryOnImmediate (timers.js:768:5)
at processImmediate [as _immediateCallback] (timers.js:745:5)

If you need help, don't hesitate in contacting our support forums at

For bug reports or feature requests, have a look at the GitHub issues or
create a new one at:

Hey, did you make sure to follow the step in order to register your self signed cert? My expectation is that the cli is actually failing due to the self signed cert but is pattern matching it to an unauthorized error, specifically the export NODE_EXTRA_CA_CERTS=~/open-balena/config/certs/root/ca.crt would need to be run in each new terminal you open that you want to run balena cli command in unless you persist it in your env. Assuming you’ve done that then you might be able to get more info by running DEBUG=1 balena login

@_Page Yes, I am sure that I followed those steps. When I am not running the export NODE_EXTRA_CA_CERTS command I’m getting the SELF_SIGNED_CERTIFICATE error on balena login. When I do run the command I get an unauthorized error. That makes me want to think the certificate is correctly set.

  • I ran ./scripts/quickstart with -U, -P and -d parameters
  • I started the containers with ./compose up -d
  • I installed the ./config/certs/root/ca.crt on the server where open-balena is running with the following commands
    ** cp ca.crt /usr/local/share/ca-certificates/ca.crt
    ** update-certificates (it mentioned adding one certificate)
    ** systemctl restart docker (so docker would pickup the new certificate)
  • I downloaded that same ca.crt to my development machine (Windows 10 64x) and saved it to ‘C:\certificates\mydomain\ca.crt’
  • I start a commandprompt and execute certutil -addstore -f "ROOT" ca.crt while being in that folder with the ca.crt
  • I downloaded and installed balena-cli with the x64 installer for windows. I did however create the _balenarc.yml manually in the %USERPROFILE% folder because the installer does not create it for you.
  • Before running balena login I run the set NODE_EXTRA_CA_CERTS=C:\certificates\mydomain\ca.crt command

I’ve done the steps above like 10 times, even with fresh OS. There must be something obvious that I keep messing up.

The unauthorized error shown above was already generated with debug-mode enabled. Not sure what more info I can retrieve.

Ok, I’ve pinged team members who would know more about anything special you might be missing but they won’t be able to reply until tomorrow. In the meantim the other place you can get info from is the the api, if you enter the open-balena-api container and run journalctl -f and then try the login you should get logs output about the failure that might help

I honestly can’t believe what the problem was… I am used to ‘cmder’ as my main console-software and normally pasting from clipboard works fine on there. I have a pretty long, weird generated password so I never bothered to enter the password manually and pasted it in commandprompt and/or powershell. Turns out it adds some extra characters making my password invalid. And I couldn’t notice that as the password input on balena login is hidden… :man_facepalming:

I appreciate the help from you guys. I’m looking forward to use the platform!