Symptoms
Attempting to configure or use 2FA fails with a general message saying that the code is invalid.
Description
2FA security codes require that the server is within a time step of 30 seconds of the true time. Ideally, a server should not differ for more than 1 second.
If a server's time differs for more than 30 seconds you will experience issues with 2FA. Greater differences may cause SSL/TLS connection errors as well.
Workaround
As part of the maintenance that cPanel runs during updates, we execute a script that attempts to synchronize the time on your server:
/scripts/rdate
However, if your server has the "NTP" daemon configured, the script will exit and you will need to ensure your time is properly synchronized via NTP to ensure there is no skew in time that could cause issues.