[FIXED] 503 Remote SSL certificate could not be verified

I’m running mastodon.beerfactory.org and it seems that user from other instances can’t follow account from my instance. They get 503 Remote SSL certificate could not be verified when trying to follow someone @beerfactory.org (ex: nico@beerfactory.org).
Checks :

  • certificate seems OK: A+ rating from SSL Server Test: mastodon.beerfactory.org (Powered by Qualys SSL Labs)
  • curl -v http://beerfactory.org/.well-known/host-meta redirects to https://mastodon.beerfactory.org/.well-known/host-meta
  • curl "https://mastodon.beerfactory.org/.well-known/webfinger?resource=nico@beerfactory.org doesn’t report any SSL problem.

Any help or log report from remote instances would be appreciated.

1 Like

Hi, Nico!
I get that looking from my instance as well. It seems the issue is that since your users resolv to beerfactory.org, there’s a request done to https://beerfactory.org, which has an invalid certificate. I also noticed that accessing mastodon.beerfactory.org without https is resulting in a “welcome to nginx” page, and normally it redirects to https when you follow the production guide, it’s a good idea to take a look on that.
Let me know if you need any extra info!

Thanks for your feedback. I tried to fix both errors you’ve reported and now the SSL error seems to be fixed when trying to follow from a remote instance. Can you have a test ?

Both using https://mastodon.beerfactory.org/@nico and @nico@beerfactory.org seem to be working now :slight_smile:

$ curl http://mastodon.beerfactory.org
<!DOCTYPE html>
<title>Welcome to nginx!</title>

it should work for http://mastodon.beerfactory.org now.

1 Like