Could you try to scan it with other device? So far every QR code I've generated was valid.
Perhaps you are using some kind of browser add-on, which inverted colors of QR code?
You can also try re-enabling the 2FA (uncheck "Enable 2-factor authentication", save, then check it again, this will generate you a new code + secret).

If none of above - could you send me an email ( with URL to your QR code? Simply right-click on it and press "Copy the image address" (this may be different on browser).

RickoT This error currently pops up when you are trying to edit/modify/set 2FA for other admin account (even if your account is admin one). This is simply to prevent someone else from locking you out via 2FA replace. I guess we need to have some kind of superadmin role which would be limited to 1 user only and is able to modify such sensitive settings.

You can achieve that by proxy settings in domain section.

First of all - you might want to change default port of TinyCP by following this tutorial

Select any domain/subdomain which you want to use as TinyCP address or create a new one.

Go to domain proxy settings and set it like this:

In "Pass" and "Pass reverse" change TINYCP_URL (by default IP or domain assigned to this IP) and PORT (by default 8080) to the one that you are using. After saving changes - this should start working right away! Setting TINYCP_URL to (or other localhost IP you might have assigned) should do the work too.

You can also add Let's Encrypt to that domain like I did.

Hello, my guess is that you created an user with rank "customer". This rank is currently not allowed to sign in due to not finished permission system. If you want to create a new TinyCP user - make sure that you select "admin" role for now.

Special information will be added in rev. 391. Also the redirect will correctly transfer you back to login page (fixes 404 error).

Since rev. 393 there will be a new file where you can put your custom CSS code to override default style.

The file path is:


This file will persist through any updates and won't be replaced by us.

To preview changes in browser a force-reload might be required to refresh cached CSS files.

If you still have core WordPress files in domain directory - application installer will think, that WordPress is still installed - that's why Roundcube is not visible at this moment.

If you do not need WordPress in this domain - simply remove all WordPress files from:


Warnings will be fixed in v463.

This also comes with updated WordPress installer from 4.9.6 to 4.9.9 and separate one for 5.0.x version

Write a reply Edit a reply