Used Zammad version: 6.4.0-1732617118.25f54743.bookworm
Used Zammad installation type: (source, package, docker-compose, …) package
Operating system: Debian 12
Browser + version: Any browser or version
Expected behavior:
Login
Actual behavior:
Trying to login with any account, admin or user, results in CSRF token verification failed! error
Steps to reproduce the behavior:
New install, went through initial setup, created another admin account that is also an agent, log out and unable to log back in. Did a reset of Zammad and went through initial setup again, but got the same result.
Zammad is setup with the LetsEncrypt SSL setup, http redirects to https and I’ve made the config change “RequestHeader set X-FORWARDED-PROTO ‘https’” and Ssl on.
EDIT: I can go through the process of resetting Zammad back to a clean install, go back through the initial setup and even create my admin account. As soon as I log out, I get the CSRF error when I try to log back in.
I found the following and it got my Zammad install working:
Solution 1 is to rename /etc/apache2/sites-available/zammad-le-ssl.conf to something other than a .conf file. I changed it to .bak and restarted zammad and now I can login.
I hope this helps anyone else that might be having this issue.