diff --git a/server/src/matrix/bot.rs b/server/src/matrix/bot.rs
index aed0044..ba4aa16 100644
--- a/server/src/matrix/bot.rs
+++ b/server/src/matrix/bot.rs
@@ -136,8 +136,21 @@ pub async fn run_bot(
     slog!("[matrix-bot] Logged in as {bot_user_id} (device: {})", login_response.device_id);
 
     // Bootstrap cross-signing keys for E2EE verification support.
-    if let Err(e) = client.encryption().bootstrap_cross_signing(None).await {
-        slog!("[matrix-bot] Cross-signing bootstrap note: {e}");
+    // Pass the bot's password for UIA (User-Interactive Authentication) —
+    // the homeserver requires proof of identity before accepting cross-signing keys.
+    {
+        use matrix_sdk::ruma::api::client::uiaa;
+        let password_auth = uiaa::AuthData::Password(uiaa::Password::new(
+            uiaa::UserIdentifier::UserIdOrLocalpart(config.username.clone()),
+            config.password.clone(),
+        ));
+        if let Err(e) = client
+            .encryption()
+            .bootstrap_cross_signing(Some(password_auth))
+            .await
+        {
+            slog!("[matrix-bot] Cross-signing bootstrap note: {e}");
+        }
     }
 
     // Self-sign own device keys so other clients don't show