[SOLVED] Some instances inaccessible

Hi, I have been running mstdn.quebec.gq for 9 days.
My instance seems to work well with the majority of other instances.
But there are some instances (and not the worst ones) that can’t find my instance.
mastodon.social is one of them.
Ex.: searching manuelviens@mastodon.social from my instance returns the profile and I can click Follow, but it will not (and doesn’t say it can’t). My Sidekiq is attempting but never succeeds.
And from mastodon.social, if I search manu@mstdn.quebec.gq, it returns nothing.

I’m sure I missed something, but what?
(sorry for my poor English)

I can confirm it is possible to find @manu@mstdn.quebec.gq from https://bsd.network/

https://mastodon.social gives me

 503 Remote data could not be fetched

Do you see attempts to connect from mastodon.social in your webserver log?

- - [17/Oct/2018:08:07:23 -0400] "GET /users/manu HTTP/1.1" 200 1473 "-" "http.rb/3.3.0 (Mastodon/2.5.2; +https://mastodon.social/)"
- - [17/Oct/2018:08:28:35 -0400] "GET /users/manu HTTP/1.1" 200 1473 "-" "http.rb/3.3.0 (Mastodon/2.5.2; +https://mastodon.social/)"

~5, 10 times/day from each of these two IPs.

It shows a bad cert error.

Seems A+ is not enough… (ref.: 503 Remote SSL certificate could not be verified)
SSL Report: mstdn.quebec.gq

Please, could someone point me in the right direction?

1 Like

I see no issues either from my instance or from mastodon.social if I look for Manuel Viens (@manu@mstdn.quebec.gq) - mstdn.Quebec.gq. Do you still have issues?

I was not at home yesterday, so no change on my side.
After my latest changes, it still did not work but now… wow! It seems my instance can contact any other instance! My Sidekiq (retries list) went from 44 to 10! Maybe some cache somewhere had to expire.

What I did:

  • removed all AAAA records in the DNS (my IPv6 does not seem to work anyway on my VPS);
  • added certificates on other subdomains;
  • removed “default_server” from my nginx confs.

This is what I plan to do:

  • adding a certificate to srv.quebec.gq (name of the VPS);
  • adding a wildcard certificate for the rest;
  • studying about certificates…

Topics of interest:

I’m guessing the IPv6 misconfiguration was the issue—if you publish an IPv6 address that doesn’t work, that’s going to cause a lot of problems.

1 Like
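A way to check for the situation discussed in this thread, where a name works over one published address but fails over another: probe every A and AAAA record separately, with SNI and full certificate verification. This is an added example, not code posted by anyone in the thread; the function names, `instance.example` and the sample addresses are assumptions constructed for illustration.

```python
import socket
import ssl

def published_addresses(host, port=443, resolver=socket.getaddrinfo):
    """Every address the name publishes, as ("A"|"AAAA", ip) pairs."""
    found = []
    for family, _type, _proto, _canon, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        entry = ("AAAA" if family == socket.AF_INET6 else "A", sockaddr[0])
        if entry not in found:
            found.append(entry)
    return found

def probe(host, ip, port=443, timeout=5.0):
    """Handshake with one specific address, sending SNI and verifying chain and name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError as exc:
        return "certificate rejected: " + exc.verify_message
    except ssl.SSLError as exc:
        return "tls failure: " + str(exc)
    except OSError as exc:
        return "unreachable: " + str(exc)

def check(host, resolver=socket.getaddrinfo, prober=probe):
    """Map each published record to its probe result."""
    return {rec: prober(host, rec[1]) for rec in published_addresses(host, resolver=resolver)}

def broken_records(results):
    """Records that a remote server could pick and then fail on."""
    return sorted(rec for rec, status in results.items() if status != "ok")

# Constructed sample (documentation addresses): a working A record, a dead AAAA record.
def sample_resolver(host, port, type=0):
    return [(socket.AF_INET, type, 6, "", ("192.0.2.10", port)),
            (socket.AF_INET6, type, 6, "", ("2001:db8::10", port, 0, 0))]

def sample_prober(host, ip):
    return "ok" if ip == "192.0.2.10" else "unreachable: timed out"

if __name__ == "__main__":
    # Offline demo on the constructed sample; check("your.host") probes a real name.
    results = check("instance.example", sample_resolver, sample_prober)
    for rec, status in results.items():
        print(rec, status)
    print("fix or remove:", broken_records(results))
```

A remote server that prefers IPv6 only ever sees the AAAA result, so a report that tested the IPv4 address alone says nothing about what that peer gets.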