[Jetpack 4.3] Error: Cookie nonce is invalid

Thanks for letting us know about this!

Could you let me know what other plugins are currently active on your site, so I can try to reproduce?

Could you also let me know how you had configured Jetpack in the first place? Was this an old Jetpack installation, or a site you had recently configured, and not updated before?

Jetpack had been working normally on my site up until I updated it to 4.3 yesterday.

Plugins I have installed:

– Ad Inserter
– Cloudinary
– Collapse-o-Matic
– Disqus Comment System
– Special Text Boxes
– SSL Insecure Content Fixer
– TablePress
– UpdraftPlus – Backup/Restore
– WP Code Highlight
– WP Crontrol
– WP Hide Post
– WP Statistics
– WP Super Cache

Thanks for the extra details. Could you let me know when your site was first connected to WordPress.com?

Could you also post your site URL here, so I can have a closer look at your Jetpack settings?

If you want it to remain private, you can also contact us via this contact form:
https://jetpack.com/contact-support/

https://ultimatephoneguide.com/

The site was connected to wordpress.com in approximately October 2014.

Could you tell me more about how HTTPS is set up on that site? What are your URL settings under Settings > General in your dashboard?

What happens when you change those URLs to use HTTPS, if they don’t yet?

My site uses CloudFlare’s Flexible SSL.

The site has had Flexible SSL enabled since 2015 without any issues with Jetpack.

The site and webhost itself do not use SSL. For this reason the site URL is set to use https:// under Settings > General. Setting the URL to https:// breaks the site.

CloudFlare’s CDN service converts the http to https using protocol rewriting.

https://support.cloudflare.com/hc/en-us/articles/203652674-What-is-Protocol-Rewriting-in-the-CloudFlare-Wordpress-Plugin

The CloudFlare plugin and SSL Insecure content fixer are used to prevent mixed content errors.

Now it appears Jetpack is showing a completely different error message:

Monitor failed to activate. SyntaxError: JSON.parse: unexpected non-whitespace character after JSON data at line 2 column 1 of the JSON data

Your setup is most likely what’s causing the issue. Could you try to follow the instructions here:
https://jetpack.com/support/getting-started-with-jetpack/configure-jetpack-cloudflare/

Setting the URL to https:// breaks the site.

Once CloudFlare is configured for that domain, and if you don’t use any other plugins to handle redirections from http to https, nothing should break, even if there is no SSL certificate for that domain with your hosting provider. That’s how I do it on my own site. ??

Let me know how it goes.

Sorry for posting here, but I have the same error. “Recommended features failed to activate. Error: Cookie nonce is invalid”

My plugins are:
Akismet, All In One WP Security, Cookie Law Info, Easy Social Share Buttons for WordPress, Jetpack by WordPress.com, Simple Follow Me Social Buttons Widget, Widget CSS Classes, WP Async CSS, WP SEO HTML Sitemap, WP Smush, WP Super Cache, WP Tab Widget, WP-Sweep, Yoast SEO.

I did what you said with cloudfare and added the rule to exclude wp-admin. Cleared the cookies afterwards, nothing changed. But I’m ineligible for ssl as they say, so I can’t do that. And I’m not in a position right now to pay for SSL.

What can we do to fix this?

my website is ambitionoasis.com

• This reply was modified 8 years, 2 months ago by kingmanu.

I followed the steps you linked.

When I add $_SERVER[‘SERVER_PORT’] = 443; to my config, the message shows in my dashboard:

Sorry, you are not allowed to access this page.

I get the same message if I try to deactivate the SSL plugin as well.

However, I downloaded a clean install of WordPress and restored a backup of the database and plugins from last month and Jetpack works perfectly now.

EDIT: Nevermind, After I logged in again its still showing the same errors in Jetpack.

• This reply was modified 8 years, 2 months ago by KemikalElite.

When I add $_SERVER[‘SERVER_PORT’] = 443; to my config, the message shows in my dashboard:

Sorry, you are not allowed to access this page.

I get the same message if I try to deactivate the SSL plugin as well.

That’s interesting. This could be specific to your hosting environment. However, since @kingmanu experiences similar issues without using HTTPS, I believe we can rule that out. That said, you both use CloudFlare. I can’t reproduce the issue on 2 of my sites that use CloudFlare, but my settings might be different from yours.

Could you both try to pause CloudFlare on your site for a bit, and see if it helps?

Hi. I’m not using CloudFlare and get this when trying to activate Photon:

My plugins:

404 to 301
Akismet
Broken Link Checker
Category Order
Custom Post Templates
Google Analyticator
Jetpack by WordPress.com
Media File Sizes
Page Excerpt
Page Links To
postMash
Quick Page/Post Redirect Plugin
Rename wp-login.php
Sitemap
Speedy Page Redirect
Sticky Manager
Strictly Google Sitemap
UpdraftPlus – Backup/Restore
User Role Editor
WP Image Size Limit
WP Smush
WP Super Cache
WP-Polls
WP-PostViews
WP-UserOnline

Thanks for the quick response @jeherve
I did what you said. paused cloudflare, cleaned cookies and everything, the same error I get. Tried incognito mode just to be sure, same thing.

Thanks for giving it a try. It appears that something is getting in the way of the unique values Jetpack sends to WordPress’ REST API when getting information about the modules in use on your site, or when you want to change the status of some of the modules.

This is most likely caused by a reverse proxy (CloudFlare, nginx, Varnish) that filters all requests made on your site. Since we’ve ruled out CloudFlare, something else must be getting in the way.

At this point, I’d like to run some more tests with you on your sites, to try to figure out what’s wrong. Could you all contact us via this contact form, and mention this thread?

Thanks!

OMG guys. I found the error. I deleted the WP Super Cache plugin, because I want to use another one. Now it worked to activate the wordpress function. It has something to do with WP Super Cache htaccess rules.

Disabling it didn’t worked for @kemikalelite probably because the htaccess rules were still there.

• This reply was modified 8 years, 2 months ago by kingmanu.
• This reply was modified 8 years, 2 months ago by kingmanu.