2FA ERROR: Authenticate => Invalid Token! Failed IP

[ghost]

short bug description:

2FA ERROR: Authenticate => Invalid Token! Failed IP ::ffff:127.0.0.1: {"error":"Invalid token."}

steps to reproduce the behavior:

1. enable 2FA
2. after clicking on "verify", my first OTP is successful
3. settings page changes from "enable 2FA" to "disable 2FA", indicating that my 2FA should work going forward
4. see error: after starting new RTL session in my browser. RTL accepts my password like always, but does not accept my entered OTP, and after several attempts it locks the login for 30min

my logs

show this error message every time I retried the above step 4:
2FA ERROR: Authenticate => Invalid Token! Failed IP ::ffff:127.0.0.1: {"error":"Invalid token."}

environment:

• Version of RTL = 0.15.0
• Version of CLN = 23.11
• Browser Firefox
• Operating system = ubuntu server

additional context: 1. RTL config, 2. CLN config, 3. nginx config, 4. UFW rules

1. relevant parts of my RTL config. Note that, changing the "lnServerUrl" to https://127.0.0:3001 did not work either

{
"port": "3000",
"defaultNodeIndex": 1
},
},
"Settings": {
"lnServerUrl": "https://localhost:3001"
}
}
],
"multiPassHashed": [redacted],
"secret2fa": [redacted]
}

2. relevant parts of my CLN config file are:

clnrest-port=3001 # REST Server
clnrest-protocol=https

3. relevant parts of my /etc/nginx/streams-enabled/rtl.conf are:

upstream rtl {
server 127.0.0.1:3000;
}
server {
listen 3002 ssl;
proxy_pass rtl;
}

4. my firewall rule.
   sudo ufw allow from 192.168.0.0/24 to any port 3002 comment 'Allow RTL from LAN'

final words:

after removing the "secret2fa" configuration line, my RTL still runs perfectly again. But of course, I'd be much happier if 2FA would work too. So any pointers or suggestions to solve my 2FA issue would be much appreciated. Thanks!

[jfrader]

Same thing happens to me, except it works for a few days, and then it starts to not work for the first section of the code timer, and then finally after more days it never works.