Minecraft "Cannot Verify Secure Profile" Fix
If players suddenly fail to join your Minecraft Java dedicated server with a "Cannot verify secure profile" message, the problem is usually not raw server performance. It is almost always an authentication or chat-signing mismatch involving enforce-secure-profile, a proxy, a Bedrock bridge, or a chat-modifying plugin.
Most common cause: the server still has online-mode=true, but your stack includes Geyser, Floodgate, Velocity, Bungee, or a chat-rewriting plugin that no longer matches current secure-profile expectations.
Quick Triage
| Symptom | Likely Cause | First Fix |
|---|---|---|
| Vanilla Java players cannot join after an update | Outdated proxy or plugin | Update Paper, Velocity/Bungee, ViaVersion, and auth plugins |
| Bedrock players fail but Java players work | Geyser/Floodgate path needs relaxed secure profile handling | Set enforce-secure-profile=false and retest |
| Players join but chat breaks or kicks them later | Chat-signing or chat-format plugin conflict | Disable chat modifiers and test clean |
Step 1: Check the Relevant Server Properties
The key settings live in server.properties. On most public Java servers you should leave online-mode=true. The setting that usually needs attention is enforce-secure-profile.
online-mode=true
enforce-secure-profile=false
prevent-proxy-connections=falseUse this as a troubleshooting baseline if you run any proxy or Bedrock bridge. If you operate a plain Java-only server with no special auth layer, you can often leave enforce-secure-profile=true.
Step 2: Isolate Proxies and Bridges
- Update Velocity, Waterfall, or Bungee before changing random Paper settings.
- Update Geyser and Floodgate if Bedrock players are affected.
- Temporarily test with players connecting straight to the backend if your setup allows it.
- Retest after disabling chat-format, anti-chat-report, or profile-mangling plugins.
Step 3: Keep Authentication Strict Where It Matters
Do not solve this by turning off account verification entirely. Keep online-mode=true unless you intentionally run an offline-mode network behind a trusted proxy. The safer fix is usually:
- Leave Mojang account verification on.
- Relax only
enforce-secure-profileif your stack requires it. - Update proxy, bridge, and protocol plugins.
- Retest with a clean plugin set before re-enabling extras.
Step 4: Verify Plugin Compatibility After 1.21.x Updates
This error often appears right after a Minecraft minor update because one layer is stale. Check these first:
- Paper or Purpur build version
- Velocity or Waterfall/Bungee build version
- ViaVersion / ViaBackwards
- Geyser / Floodgate
- Chat formatting, moderation, and profile plugins
Good rule: if disabling one plugin instantly fixes joins, leave online-mode=true, keep the server private for a moment, and replace or update that plugin instead of weakening the whole auth chain.
When to Leave Secure Profile Enforcement On
Leave enforce-secure-profile=true if you run a plain Java-only server with no Geyser/Floodgate bridge, no unusual proxy chain, and no plugin that rewrites chat or player profile data. In that setup, turning it off is usually unnecessary.
Need a cleaner stack for modern Java, Paper, proxies, and Bedrock bridges? Launch a Minecraft server on Supercraft and test changes without rebuilding the whole network from scratch.