[bug] Instance on a subdomain cannot federate an instance on the root domain #618

Closed
opened 2023-08-07 00:00:13 +00:00 by rat · 1 comment

Your setup

From source

Extra details

Debian 12 Bookworm, old instance on FreeBSD 13.2

Version

3.9.2 stable

PostgreSQL version

15

What were you trying to do?

Create a new instance on a subdomain of what my current instance is running on, on a different server.

What did you expect to happen?

Users would be able to migrate their account to the new instance.

What actually happened?

The root domain instance can see posts from the subdomain instance, but the subdomain cannot see anything from the root domain instance. If you try to go to @user@domain.com, it will point you to @user@subdomain.domain.com. This makes it impossible to alias the account. Federation with every other instance works, at least from what I can tell.

Has to do with SSL certs, been working on trying to fix it myself.

Logs

Aug 05 13:40:21 worm mix[6608]: 13:40:21.687 request_id=F3iQwa7abSacjyoABPOR [error] Could not decode user at fetch https://worm.pink/users/rat, "TLS client: In state wait_cert_cr at ssl_handshake.erl:2113 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,hostname_check_failed}"
Aug 05 13:40:21 worm mix[6608]: 13:40:21.687 request_id=F3iQwa7abSacjyoABPOR [error] Could not fetch user https://worm.pink/users/rat, {nil, {:error, "TLS client: In state wait_cert_cr at ssl_handshake.erl:2113 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,hostname_check_failed}"}}

(from subdomain's VM)
~%curl https://worm.pink/users/rat
curl: (60) SSL: no alternative certificate subject name matches target host name 'worm.pink'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

Severity

I cannot use it as easily as I'd like

Have you searched for this issue?

  • I have double-checked and have not found this issue mentioned anywhere.
### Your setup From source ### Extra details Debian 12 Bookworm, old instance on FreeBSD 13.2 ### Version 3.9.2 stable ### PostgreSQL version 15 ### What were you trying to do? Create a new instance on a subdomain of what my current instance is running on, on a different server. ### What did you expect to happen? Users would be able to migrate their account to the new instance. ### What actually happened? The root domain instance can see posts from the subdomain instance, but the subdomain cannot see anything from the root domain instance. If you try to go to @user@domain.com, it will point you to @user@subdomain.domain.com. This makes it impossible to alias the account. Federation with every other instance works, at least from what I can tell. Has to do with SSL certs, been working on trying to fix it myself. ### Logs ```shell Aug 05 13:40:21 worm mix[6608]: 13:40:21.687 request_id=F3iQwa7abSacjyoABPOR [error] Could not decode user at fetch https://worm.pink/users/rat, "TLS client: In state wait_cert_cr at ssl_handshake.erl:2113 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,hostname_check_failed}" Aug 05 13:40:21 worm mix[6608]: 13:40:21.687 request_id=F3iQwa7abSacjyoABPOR [error] Could not fetch user https://worm.pink/users/rat, {nil, {:error, "TLS client: In state wait_cert_cr at ssl_handshake.erl:2113 generated CLIENT ALERT: Fatal - Handshake Failure\n {bad_cert,hostname_check_failed}"}} (from subdomain's VM) ~%curl https://worm.pink/users/rat curl: (60) SSL: no alternative certificate subject name matches target host name 'worm.pink' More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. ``` ### Severity I cannot use it as easily as I'd like ### Have you searched for this issue? - [x] I have double-checked and have not found this issue mentioned anywhere.
rat added the
bug
label 2023-08-07 00:00:13 +00:00
rat changed title from [bug] Instance on a subdomain cannot federate an instance on the root domain to [bug] Instance on a subdomain cannot federate an instance on the root domain 2023-08-07 00:00:42 +00:00
Author

loopback ip in hosts file was pointing to root domain

loopback ip in hosts file was pointing to root domain
rat closed this issue 2023-08-07 03:38:40 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#618
No description provided.