This instance has several hidden services configured and v2 onions are reachable with this version of Tor.
Starting Tor 0.3.4.7-rc (git-6809bbe7) i got following warning 32 times:
{REND} Uploading hidden service descriptor: http status 400 ("Invalid HS descriptor. Rejected.") response from dirserver '$address'. Malformed hidden service descriptor?
I wonder if files created by the previously used Tor 0.3.5.0-alpha-dev are incompatible with 0.3.4.7-rc.
Will attach a scrubbed info log later, debug log is available on demand.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Child items
0
Show closed items
No child items are currently assigned. Use child items to break down this issue into smaller parts.
Linked items
0
Link issues together to show that they're related.
Learn more.
Hmmm there is a bit too much INFO logs missing. In theory, before the "Malformed" warning happens, we should have a series of logs about building descriptor including the value of the revision counter. Most likely, that is the issue.
If you moved your HS from 035 to 034, you are likely to hit the revision counter issue because you are using a value that is way too low (most likely around 0 since it had to start from the start) from what 035 used which is based on Unix timestamp so much higher.
Either wait 3 hours before uploading a new descriptors or consider changing keys :). If you are unable to make your HS work after those 3 hours which is the HSDir lifetime of a descriptor, then re-open?
Trac: Milestone: Tor: 0.3.4.x-final to Tor: 0.3.5.x-final Resolution: N/Ato not a bug Status: new to closed
On start v3 domain will work but only if domain was offline for several hours. If I restart Tor instance, nobody could connect until next several hours, probably due to those 3 hours caches in HSDirs.
When I restart Tor instance I also delete Tor data folder and since "state" file is keeping HidServRevCounter my v3 hidden service will not working immediately. Case closed.
Closing after a clarifying chat with dgoulet. Thanks! In case someone runs into this, this is what i understood (paraphrasing here):
That "400 Rejected" error is ambiguous (hence the fix is not to improve the log message) and can be caused by two things today
Unable to decode the descriptor (which can be caused by many things) or
Revision counter is lower than previous one
The reason for 2) could be a replay attack (in theory - "yes (if we rule out a tor bug)") or an operator emptied the state file, or downgraded a client from 0.3.5 to 0.3.4 as i did.
in this case, going from 035 to 034 breaks it for ~3hr but then works ... so logging that one should maybe wait is not ideal because we don't know the context
in 034 HidServRevCounter is based on a value in the state file, 035+ is based on time