Articles

Fix GitHub Actions Invalid Runner Registration Token (2026)

April 18, 2026 3 min read

The GitHub Actions runner registration process is failing because the token provided is no longer valid, meaning the runner can’t authenticate with GitHub to receive job instructions.

Common Causes and Fixes:

  1. Token Expired: Runner registration tokens are short-lived, typically valid for only one hour.

    • Diagnosis: Check the token’s creation timestamp if available in your runner setup script or logs. If you’re manually generating it, note the time.
    • Fix: Generate a new token from the GitHub UI. Navigate to your repository or organization settings -> Actions -> Runners -> "New runner". Copy the newly generated token.
    • Why it works: A fresh token meets the time-based validity requirement for registration.

  2. Token Revoked/Deleted: The token might have been explicitly revoked or deleted from the GitHub UI.

    • Diagnosis: Review the runner registration logs for messages indicating the token was rejected due to invalidity or being non-existent.
    • Fix: Generate a new token as described in cause #1. If you have a large fleet of runners, consider using a service principal or managed identity for authentication in cloud environments, which avoids manual token management.
    • Why it works: A new, valid token replaces the deleted or revoked one, re-establishing the authentication channel.

  3. Incorrect Scope of Token: The token was generated for a different level (e.g., repository instead of organization, or vice-versa) than where the runner is trying to register.

    • Diagnosis: Examine the actions-runner command or configuration file for the --url parameter. If it points to a repository (https://github.com/owner/repo), you need a repository token. If it points to an organization (https://github.com/orgs/owner), you need an organization token.
    • Fix: Ensure you generate the token at the correct level in the GitHub UI. For repository runners, generate it under repository settings. For organization runners, generate it under organization settings.
    • Why it works: The runner needs a token with permissions matching its intended scope to communicate with the correct GitHub endpoint.

  4. Token Used Multiple Times: A runner registration token can only be used once. If it’s been used to register a runner previously, subsequent attempts with the same token will fail.

    • Diagnosis: Check your runner logs for any successful registration messages that might have occurred before the current failure. If a runner did register successfully with that token, it’s now spent.
    • Fix: Generate a new token and use it for the current runner registration attempt. Do not reuse tokens.
    • Why it works: Each token is a single-use credential; once consumed, it’s invalidated for further registrations.

  5. Typo or Copy-Paste Error in Token: The token string itself was entered incorrectly during the runner setup.

    • Diagnosis: Carefully compare the token string in your runner configuration (e.g., environment variable ACTIONS_RUNNER_TOKEN, or within the config.sh script) with the token copied from GitHub. Look for subtle differences, swapped characters, or missing characters.
    • Fix: Re-copy the token from the GitHub UI and paste it precisely into your runner configuration. Double-check for any hidden characters or whitespace.
    • Why it works: Ensures the runner is attempting to authenticate with the exact, correct secret provided by GitHub.

  6. Runner Agent Software Outdated: While less common for registration token errors, an extremely old version of the runner agent might have compatibility issues with the current token generation or validation mechanisms.

    • Diagnosis: Check the version of the actions-runner software you are running. You can usually find this in the runner’s installation directory (e.g., bin/Runner.Listener --version).
    • Fix: Download and install the latest version of the GitHub Actions runner from the official documentation.
    • Why it works: Ensures the runner agent is using up-to-date protocols and security checks that align with GitHub’s current authentication systems.

After resolving the invalid token issue, you might encounter a "Self-signed certificate in certificate chain" error if your runner environment has strict TLS/SSL configurations that don’t trust GitHub’s certificate authority by default.

Want structured learning?

Take the full Github-actions course →