diff --git a/app/src/views/environment/Environment.vue b/app/src/views/environment/Environment.vue
index 21d50497..fddb3aff 100644
--- a/app/src/views/environment/Environment.vue
+++ b/app/src/views/environment/Environment.vue
@@ -42,13 +42,19 @@ function batchUpgrade() {
 
     <BatchUpgrader ref="refUpgrader" />
 
-    <FooterToolBar v-if="selectedNodes?.length > 0">
-      <AButton
-        type="primary"
-        @click="batchUpgrade"
+    <FooterToolBar>
+      <ATooltip
+        :title="$gettext('Please select at least one node to upgrade')"
+        placement="topLeft"
       >
-        {{ $gettext('Upgrade') }}
-      </AButton>
+        <AButton
+          :disabled="selectedNodeIds.length === 0"
+          type="primary"
+          @click="batchUpgrade"
+        >
+          {{ $gettext('Upgrade') }}
+        </AButton>
+      </ATooltip>
     </FooterToolBar>
   </div>
 </template>
diff --git a/app/src/views/other/Login.vue b/app/src/views/other/Login.vue
index e1619b39..458beefb 100644
--- a/app/src/views/other/Login.vue
+++ b/app/src/views/other/Login.vue
@@ -229,7 +229,7 @@ async function handlePasskeyLogin() {
                 :two-f-a-status="{
                   enabled: true,
                   otp_status: true,
-                  passkey_status: true,
+                  passkey_status: false,
                 }"
                 @submit-o-t-p="handleOTPSubmit"
               />
diff --git a/internal/cert/payload.go b/internal/cert/payload.go
index 3f27a6bb..004a98f3 100644
--- a/internal/cert/payload.go
+++ b/internal/cert/payload.go
@@ -60,6 +60,13 @@ func (c *ConfigPayload) mkCertificateDir() (err error) {
 		}
 	}
 
+	if _, err = os.Stat(c.CertificateDir); os.IsNotExist(err) {
+		err = os.MkdirAll(c.CertificateDir, 0755)
+		if err == nil {
+			return nil
+		}
+	}
+
 	// For windows, replace * with # (issue #403)
 	c.CertificateDir = strings.ReplaceAll(c.CertificateDir, "*", "#")
 	if _, err = os.Stat(c.CertificateDir); os.IsNotExist(err) {
diff --git a/model/auth.go b/model/auth.go
index 4d6d343e..6660d967 100644
--- a/model/auth.go
+++ b/model/auth.go
@@ -3,15 +3,17 @@ package model
 import (
 	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/spf13/cast"
+	"gorm.io/gorm"
 )
 
 type User struct {
 	Model
 
-	Name      string `json:"name"`
-	Password  string `json:"-"`
-	Status    bool   `json:"status" gorm:"default:1"`
-	OTPSecret []byte `json:"-" gorm:"type:blob"`
+	Name         string `json:"name"`
+	Password     string `json:"-"`
+	Status       bool   `json:"status" gorm:"default:1"`
+	OTPSecret    []byte `json:"-" gorm:"type:blob"`
+	EnabledTwoFA bool   `json:"enabled_2fa" gorm:"-"`
 }
 
 type AuthToken struct {
@@ -24,6 +26,11 @@ func (u *User) TableName() string {
 	return "auths"
 }
 
+func (u *User) AfterFind(_ *gorm.DB) error {
+	u.EnabledTwoFA = u.Enabled2FA()
+	return nil
+}
+
 func (u *User) EnabledOTP() bool {
 	return len(u.OTPSecret) != 0
 }