diff --git a/runner/harness/abra.py b/runner/harness/abra.py
index 6d7be0b..697b91d 100644
--- a/runner/harness/abra.py
+++ b/runner/harness/abra.py
@@ -108,11 +108,14 @@ def upgrade(domain: str, version: Optional[str] = None, timeout: int = 900) -> N
 
 
 def backup_create(domain: str, timeout: int = 900) -> None:
-    _run_pty(["app", "backup", "create", domain, "-n"], timeout=timeout)
+    # -C -o: use the current recipe checkout, no remote fetch — like every other recipe-touching
+    # call (DECISIONS.md). Without -o, abra tries to fetch recipe tags from the (possibly private)
+    # remote and fails "authentication required: Unauthorized".
+    _run_pty(["app", "backup", "create", domain, "-n", "-C", "-o"], timeout=timeout)
 
 
 def restore(domain: str, timeout: int = 900) -> None:
-    _run_pty(["app", "restore", domain, "-n"], timeout=timeout)
+    _run_pty(["app", "restore", domain, "-n", "-C", "-o"], timeout=timeout)
 
 
 def recipe_versions(recipe: str) -> list[str]:
diff --git a/runner/run_recipe_ci.py b/runner/run_recipe_ci.py
index 21d72e1..89851b2 100644
--- a/runner/run_recipe_ci.py
+++ b/runner/run_recipe_ci.py
@@ -57,6 +57,11 @@ def fetch_recipe(recipe: str, ref: str | None, src: str | None) -> None:
         subprocess.run([*git, "clone", "--quiet", url, dest], check=True)
         subprocess.run([*git, "-C", dest, "checkout", "--quiet", ref], check=True)
     else:
+        # Clean re-fetch from the catalogue. rm first so a leftover dir from a prior SRC+REF run
+        # (which points origin at the private mirror and may lack version tags) can't poison the
+        # catalogue fetch — that contamination makes `recipe versions`/backup hit the private remote
+        # and fail "authentication required".
+        subprocess.run(["rm", "-rf", dest], check=False)
         subprocess.run(["abra", "recipe", "fetch", recipe, "-n"], check=True)