Failing deployment of strapi 5.25.0

romanw · October 3, 2025, 12:43pm

I still have an the issue with strapi 5.25.0.

My Github Repo is on strapi 5.25.0, which workes with node 20.11 on my local machine.

If I deploy with cleavr (push from Github or manually), cleavr is reporting an successfull deployment.

Then I get a 502 error for a short while and then strapi is back with the old version.

The artifact-directory points to the deployment with strapi 5.23.6.

The current and latest-directories point to the last deployment with 5.25.0.

If I change cwd in the PM"-settings from cwd: “/home/strapi/xxxxxx.com/artifact” to cwd: “/home/strapi/cms.woka.com/current”, the Login page is shown, but when loggin in, strapi shows an “internal server error”-message.

I also tried to deploy to a new site with the same DB. But then also I get the strapi error message at login.

So 2 things: Why is cleavr not deploying the latest version? Why is there a server error in strapi 5.25.0?

anish · October 7, 2025, 4:42pm

Hello @romanw,

We’re investigating the deployment issue with Strapi 5. Is it the case that you’re trying to update a project that was previously deployed with Strapi 5.23.6 to version 5.25.0?

anish · October 7, 2025, 6:10pm

Hello @romanw,

It looks like Strapi is experiencing some issues with versions 5.24.x and 5.25.x. Below are some links to discussions where users have shared that they’re also encountering similar issues, particularly internal server errors during login or signup.

github.com/strapi/strapi

Documented Workaround: Authentication problem in admin panel

opened 07:02AM - 25 Sep 25 UTC

alxnkt

issue: bug severity: medium source: core:admin status: pending reproduction version: 5 source: core:core

### Node Version 22.19.0 ### NPM/Yarn/PNPM Version NPM 10.9.3 ### Strapi Ver…sion 5.24.0 ### Operating System Linux (Other) ### Database PostgreSQL ### Javascript or Typescript Typescript ### Reproduction URL _No response_ ### Bug Description I'm facing issue in my production environment when trying to authenticate in strapi admin panel after upgrading from 5.23.6 to 5.24.0 version. Server returns `500 Internal Server Error`. Strapi log says: `error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection` After upgrading strapi, I added settings according to issue [#24346](https://github.com/strapi/strapi/pull/24346) description like this: ```js // config/admin.js export default ({ env }) => ({ auth: { secret: env('ADMIN_JWT_SECRET'), sessions: { // some default settings... }, cookie: { sameSite: 'lax', path: '/admin', domain: 'api.mydomain.com', }, }, url: 'dashboard', // ... }); ``` ```js export default ({ env }) => ({ 'users-permissions': { config: { jwtManagement: 'refresh', sessions: { // some default settings... cookie: { // some default settings... domain: 'api.mydomain.com', secure: env.bool('UP_SESSIONS_COOKIE_SECURE', process.env.NODE_ENV === 'production'), }, }, }, }, }); ``` However, I'm able to login to the admin panel in my local development environment. Authentication for ordinary users works fine in both development and production environments. ### Steps to Reproduce 1. Upgrade working strapi project from 5.23.6 to 5.24.0 version. 2. Run strapi backend on server behind nginx reverse proxy (in docker container in my case). 3. Try to login to admin panel, and get 500 error. ### Expected Behavior Successfully login to the strapi admin panel. ### Logs ```shell error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection ``` ### Code Snippets _No response_ ### Media _No response_ ### Additional information _No response_ ### Confirmation Checklist - [x] I have checked the existing [issues](https://github.com/strapi/strapi/issues) for duplicates. - [x] I agree to follow this project's [Code of Conduct](https://github.com/strapi/strapi/blob/develop/CODE_OF_CONDUCT.md).

github.com/strapi/strapi

Strapi 5.24.0+ Admin Login Errors – Secure Cookie & JWT Token Persistence

opened 07:12PM - 03 Oct 25 UTC

closed 02:10PM - 06 Oct 25 UTC

emreermenek

issue: bug severity: medium source: core:core

### Node Version Tested with Node.js v18.20.8 (LTS) and v22.16.0 (Current) – is…sue occurs on both ### NPM/Yarn/PNPM Version npm 10.x – version does not affect the issue ### Strapi Version 5.25.0 (bug occurs) 5.22.0 (works as expected) ### Operating System Linux (Debian/Ubuntu) ### Database PostgreSQL ### Javascript or Typescript Typescript ### Reproduction URL _No response_ ### Bug Description # Strapi 5.24.0+ Admin Login Errors – Solutions ## Errors 1. ``` error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection http: POST /admin/login (213 ms) 500 ``` 2. Login returns `200` but does not save JWT token → session cannot be created **Reason:** version mismatch --- ## Solution (Docker – Server) 1. **Downgrade Strapi to 5.22.0** ```bash cd /path/to/project/backend # remove ^ from package.json for version locking sed -i 's/"@strapi\/\([^"]*\)": "\^/"@strapi\/\1": "/g' package.json cat package.json | grep "@strapi" ``` Expected output: ```json "@strapi/admin": "5.22.0", "@strapi/plugin-cloud": "5.22.0", "@strapi/strapi": "5.22.0", ``` 2. **Clear cache and lock files** ```bash cd backend rm -rf .cache build package-lock.json ``` 3. **Update Dockerfile** If you have: ```dockerfile RUN npm ci --only=production && npm cache clean --force ``` Change to: ```dockerfile RUN npm install --omit=dev && npm cache clean --force ``` 4. **Rebuild Docker** ```bash docker-compose down docker rmi project_backend docker-compose build backend --no-cache docker-compose up -d ``` 5. **Browser cleanup (if needed)** ```javascript localStorage.clear(); sessionStorage.clear(); location.reload(); ``` --- ## Solution (Local – Development) 1. **Align versions** ```bash npm install @strapi/strapi@5.22.0 @strapi/admin@5.22.0 @strapi/plugin-cloud@5.22.0 npm list @strapi/admin # should be 5.22.0 ``` 2. **Clear cache and build** ```bash rm -rf .cache rm -rf build rm -rf node_modules rm package-lock.json npm install ``` 3. **Browser cleanup** ```javascript localStorage.clear(); sessionStorage.clear(); location.reload(); ``` --- With these steps, both the **secure cookie error** and the **JWT token persistence issue** are resolved. ### Steps to Reproduce 1. Start a new Strapi project with version 5.24.0 or higher (tested with v5.25.0). 2. Use PostgreSQL as the database. 3. Run inside Docker (Ubuntu 22.04 host). 4. Try logging into the admin panel. 5. Either: - See the secure cookie error in the logs. - Or receive a 200 response but no session is created (JWT not saved). ### Expected Behavior - Admin login should work without errors. - Secure cookie handling should not fail when behind proxy or in HTTP (before SSL is configured). - JWT token should persist across restarts if ADMIN_JWT_SECRET is defined in .env. ### Logs ```shell error: Failed to create admin refresh session Cannot send secure cookie over unencrypted connection http: POST /admin/login (213 ms) 500 ``` ### Code Snippets // package.json (working config after downgrade) "@strapi/admin": "5.22.0", "@strapi/plugin-cloud": "5.22.0", "@strapi/strapi": "5.22.0" # Dockerfile fix RUN npm install --omit=dev && npm cache clean --force ### Media _No response_ ### Additional information The issue started appearing after deleting package-lock.json / node_modules / build / .cache and reinstalling dependencies with `npm install`. Same behavior observed both locally and in Docker (server). Downgrading all @strapi packages to v5.22.0 fixed the issue. ### Confirmation Checklist - [x] I have checked the existing [issues](https://github.com/strapi/strapi/issues) for duplicates. - [x] I agree to follow this project's [Code of Conduct](https://github.com/strapi/strapi/blob/develop/CODE_OF_CONDUCT.md).

To fix the internal server error issue, you can downgrade to version 5.23.x, as the issue is still being investigated.

I can see that the current and artifact folders are associated with different releases in your setup. We’re further investigating the issue and will get back to you once we have an update.

Please let us know if you encounter any other issues or have any additional queries.

anish · October 9, 2025, 12:07pm

A workaround for the “Cannot send secure cookie over unencrypted connection” error in Strapi 5.25.0 has been shared by a user in the Strapi GitHub issues discussion. Failed to create admin refresh session Cannot send secure cookie over unencrypted connection · Issue #24535 · strapi/strapi · GitHub

For the other issues reported by @romanw, we have been in contact through Feedmas.

(Edited)