Hello! I am working through some issues with federation between my own server, https://globe.pub, and all other Lemmy servers.
When I subscribe to a community on a foreign server (e.g. https://lemmy.world/c/world), I get an error saying Activity was rejected by https://lemmy.world/inbox, aborting: Incoming activity has invalid signature.
I’m having trouble figuring out what is misconfigured on my server. Does anyone have advice on how I can resolve this?
Below are my debug logs for a failed subscription request:
2023-07-16T20:05:17.562556Z DEBUG activitypub_federation::activity_queue: Sending https://globe.pub/activities/follow/7dec89e1-eea0-4265-98c4-8e927fde3f6f to https://lemmy.world/inbox, contents:
{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"lemmy":"https://join-lemmy.org/ns#","litepub":"http://litepub.social/ns#","pt":"https://joinpeertube.org/ns#","sc":"http://schema.org/","ChatMessage":"litepub:ChatMessage","commentsEnabled":"pt:commentsEnabled","sensitive":"as:sensitive","matrixUserId":"lemmy:matrixUserId","postingRestrictedToMods":"lemmy:postingRestrictedToMods","removeData":"lemmy:removeData","stickied":"lemmy:stickied","moderators":{"@type":"@id","@id":"lemmy:moderators"},"expires":"as:endTime","distinguished":"lemmy:distinguished","language":"sc:inLanguage","identifier":"sc:identifier"}],"actor":"https://globe.pub/u/mplewis","to":["https://lemmy.world/c/world"],"object":"https://lemmy.world/c/world","type":"Follow","id":"https://globe.pub/activities/follow/7dec89e1-eea0-4265-98c4-8e927fde3f6f"}
2023-07-16T20:05:18.250812Z DEBUG activitypub_federation::activity_queue: Activity https://globe.pub/activities/follow/7dec89e1-eea0-4265-98c4-8e927fde3f6f was rejected by https://lemmy.world/inbox, aborting: Incoming activity has invalid signature
The error is bubbling up from the activity pub library that Lemmy uses: https://github.com/LemmyNet/activitypub-federation-rust/blob/main/src/http_signatures.rs
See “ActivitySignatureInvalid”
Not sure why you’d be seeing this though. Something wrong with your Lemmy signature maybe? I’ve never actually set one up myself, but I assume you generate some kind of cert at some point, or it uses your SSL cert or something? Maybe a misconfiguration in that area?
What I discovered is this was due to me running a past instance of Lemmy on this domain, then wiping it and losing the instance/user public keys. So all the servers I’ve talked to in the past have a public key in mind for globe.pub which no longer exists. I think this means that the domain is no longer usable for federation, as instances don’t prune dead instances from their list.
Interesting! I wonder if that should be written up as a bug report, or if it’s by design. I guess I could see both cases. Glad you figured it out though!