Solution 1:

Things I would check:

  • Permissions on `/etc/nginx/.htpasswd` - Can the file be read by the account running nginx? You could try, temporarily, using `chmod 644` to make sure everyone can read it. If that works, then you can sort out an appropriate combination of `chown` and `chmod` settings so that nginx and you/root can read it but other users cannot (for security).
  • Ensure that `htpasswd` is generating the hash in the right form; it's usually about 13 alphanumeric characters (for example `username:wu.miGq/e3nro`). The command CAN generate MD5 hashes too which would look more like `username:$apr1$hzB2K...$b87zlCYMKufOxn9ol5QV4/` these don't work with nginx.
  • Look into increasing the debug output of nginx and check the error logs for clues.

Solution 2:

Old thread, but no answer, and well referenced on Google.

If you get this error and have tried the other suggestions, check the permissions of the parent folder of your .htpasswd file: the nginx user (www-data by default) should have read and execute permissions (this fixed it for me).

Solution 3:

Another gotcha I ran into on bash. Instead of entering my password via prompt I used the -b option of htpasswd to enter the password in-line.

$ htpasswd -nb admin test123$secure

I couldn't understand why my I kept on running into password mismatch errors, trying different encryption algorithms. I verified with curl that it worked:

$ curl -u admin:test123$secure https://example.com

Finally, the problem reveiled itself through echo

$ echo test123$secure
test123

I made the mistake of using a dolar sign ($) in bash which was interpreted as an empty variable, thus omitting everything else. This can be avoided by dropping the -b option and just using the prompt to enter the password.