POD-Providers / How-To


#1

hey there community.

  1. https://solidweb.org (5.0.1) is up as POD-provider and we will work on the list at github or the mailing-list, won’ t we ? it is configured as SSL/TLS-passthrough because I got no load balancer configured. I am a private person and will try to maintain the site as professional as I can. where will the list gonna be created ?

  2. the call in was very informative, I did understand most things and it seemed that we all dedicate our work to the public interest. my writing english is better than my speaking english. I think I will find the IRC-channel for sunday in 8 days.

  3. I surely can share some information on building a howto, hence https://solid.inrupt.com/docs/installing-running-nss probably must be user-defined modified depending on the system. where/when/how/who do we gather the needed information ?

  4. a BIG thank you to the community for welcoming each and everyone and helping getting through. the machine running solidweb.org can grow with the needs of traffic/users. I’ m not yet used to issues/pull-requests. will help as much as I can.


#2

It seems that the certificate used for https belongs to serverproject.de instead of solidweb.org. I know that these sites are related, but is that something that could be changed?


#3

thank u. from here everything seems okay. other the sites are hosted at the same provider and they’ re both mine they are not related. they don’ t even share space. serverproject is webspace with ordered cert from the provider and solidweb is a dedicated machine with (wildcard-)cert from letsencrypt. {([I admit I have linked from [1, my home] to [2, project site for you all] using the logo not knowing if compliant with the logo use guidelines])}. see pic. how can I reproduce the error ?

a better pic here


for debugging purposes I can add following info:
server: (https://)www.serverproject.de
authority: Starfield Secure Certificate Authority - G2
valid: 27.06.2017 - 27.06.2020

server: (https://)*.solidweb.org
authority: Let’s Encrypt Authority X3
valid: 14.04.2019 - 13.07.2019


#4

I’ve never setup https myself so I don’t know how to use the debug information.

It happens for me using Ubuntu 18.04.2 LTS for both, Firefox (66) and Chrome (74), when opening the page (just like I would open any other page, nothing special done). When saying that I take the risk it results in a redirection error “The page isn’t redirecting properly. An error occurred during a connection to solidweb.org. This problem can sometimes be caused by disabling or refusing to accept cookies.” (again with Firefox and Chrome, also with allowing cookies).

Here’s the certificate chrome shows:

As I’ve said, idk how to work with https certificates, but could it be that *.solidweb.org only is for subdomains? Or does it mean solidweb.org and its subdomains?

If I can help you with further information, don’t hesitate to ask :slight_smile:


#5

this for sure is the cert for serverproject.de.

as hint: try clearing the cache and then reopen solidweb.org

I cannot deny completely from here I made a mistake setting the redirection up at the provider using the webadmin setting (assigning) the space for the IP.

another idea after clearing the cache would be trying to connect to 83.169.46.66 directly


#6

I’ve tried deleting the certificate from firefox so it rechecks it, but it still responded with the one for serverproject.de
It seems that it should work though.


#7

I’ ve found a hint.

it seems to be an IPv4/IPv6 problem according to https://www.ssllabs.com/ssltest/analyze.html?d=solidweb.org

will work on that soon. guess I’ ll have to set an AAAA-record in DNS-zone.
[edit]
I apologize for the inconvenience. I’ ve set the AAAA. solidweb now resolves to IPv6 but I don’ t know yet if I need a new cert (case misconfigured IPv6 mentioned in the cert yes or no)
[edit2]
https://www.mythic-beasts.com/ipv6/health-check?domain=solidweb.org&submit=

ipv6 itself works meaning name is resolved, but there are only ipv4 nameservers. letsencrypt offers ssl/ipv6 so worst case I need a new cert. thanks for pointing me there.


#8

seems like setting the AAAA-record did the job.
https://www.ssllabs.com/ssltest/analyze.html?d=solidweb.org says okay.