403 Forbidden when enrolling Security Engine

cyprien · December 21, 2025, 9:19am

Hello

I am new to crowdsec and I find it exciting,

I enrolled a security engine to your dashboard through API and the CLI.

It didn’t show any “remediation”/bouncer so I tried to delete the Security Engine through the web page to add it again.

I could delete the Security Engine.

Now when I try to enroll again I get this error and I cannot figure out why

[root@online ~]# sudo cscli console enroll --trace XXXXX
DEBUG Using /etc/crowdsec/config.yaml as configuration file
DEBUG the option 'daemonize' is deprecated and ignored
DEBUG Enabled feature flags: none
TRACE No decision_bulk_size value provided, using default value of 1000
DEBUG Console configuration '/etc/crowdsec/console.yaml' loaded successfully
DEBUG [URL] POST https://api.crowdsec.net/v3/watchers/enroll
TRACE req-jwt: POST /v3/watchers/enroll HTTP/1.1
Host: api.crowdsec.net
Content-Type: application/json
User-Agent: crowdsec/v1.7.4-rpm-pragmatic-amd64-469b374e-linux

{"attachment_key":"XXXX","name":"","tags":[],"overwrite":false}
DEBUG refreshing jwt token for 'a20e537d5e074b9da46ae082638278f4YSHaYd0uGwYCbTHy'
DEBUG scenarios list updated for 'a20e537d5e074b9da46ae082638278f4YSHaYd0uGwYCbTHy'
TRACE auth-jwt request: POST /v3/watchers/login HTTP/1.1
Host: api.crowdsec.net
Content-Type: application/json
User-Agent: crowdsec/v1.7.4-rpm-pragmatic-amd64-469b374e-linux

{"machine_id":"a20e537d5e074b9da46ae082638278f4YSHaYd0uGwYCbTHy","password":"XXXX","scenarios":["crowdsecurity/auditd-base64-exec-behavior","crowdsecurity/auditd-postexploit-exec-from-net","crowdsecurity/auditd-postexploit-pkill","crowdsecurity/auditd-postexploit-rm","crowdsecurity/auditd-suid-crash","crowdsecurity/auditd-sus-exec","crowdsecurity/ssh-bf","crowdsecurity/ssh-cve-2024-6387","crowdsecurity/ssh-generic-test","crowdsecurity/ssh-refused-conn","crowdsecurity/ssh-slow-bf"]}
DEBUG auth-jwt(auth): POST https://api.crowdsec.net/v3/watchers/login
DEBUG auth-jwt : http 403
TRACE auth-jwt response: HTTP/2.0 403 Forbidden
Content-Length: 23
Content-Type: application/json
Date: Sun, 21 Dec 2025 09:11:21 GMT
X-Amz-Apigw-Id: V7n1HGZ2joEEJXw=
X-Amzn-Errortype: ForbiddenException
X-Amzn-Requestid: 01cbe292-8a49-44af-9585-ba2c9a6137b4

{"message":"Forbidden"}
DEBUG received response status "403 Forbidden" when fetching https://api.crowdsec.net/v3/watchers/login
Error: cscli console enroll: could not enroll instance: Post "https://api.crowdsec.net/v3/watchers/enroll": API error: Forbidden
[root@online ~]# cscli capi register
Error: cscli capi register: api client register ('https://api.crowdsec.net/'): api register (https://api.crowdsec.net/) http 403 Forbidden: API error: Forbidden

Is there something I can do ?

Thank you for your help;

cyprien · December 22, 2025, 7:40am

looks like it works now

just waited 24h

thank you

Topic		Replies	Views
Console enroll failing crowdsec	8	331	March 6, 2025
Beta CrowdSec instances forbidden warning	3	731	March 25, 2022
Probelms setting up crowdsec on OPNsense 25.1.5:5 crowdsec	1	188	April 28, 2025
Couple months after setting up Crowdsec it stopped working crowdsec	3	223	July 2, 2025
CrowdSec Access Forbidden	1	1019	July 30, 2024

403 Forbidden when enrolling Security Engine

Related topics