CommunitySolidServer / access-token-verifier

Solid access token verification

Error dereference WebId

frederikbyl opened this issue · comments

Dear,

I have a setup with 3 docker containers: one client, one server and one nginx to set a self signed ssl certificate and route traffic coming on https://server.xxxxx to the solid server and https://client.xxxxx to the solid client.
I used this example setup: https://solidproject.org/self-hosting/css/nginx
Everything seems to work, I can reach my solid client and login, I can reach my solid server and create a pod, but when I want to get data or store data, I get the following error in the server log:

warn: Error verifying WebID via DPoP-bound access token: The WebID could not be dereferenced.
solid-server_1 | Actual: https://server.xxxxxx/frederik/profile/card#me
solid-server_1 | Expected: A dereferenceable resource

The problem was that I was using a self signed certificate via nginx reverse proxy. I had to add some extra logging to get the stack trace and then I noticed:

solid-server_1 | Expected: A dereferenceable resource
solid-server_1 | at dereferenceWebid (/community-server/node_modules/@solid/access-token-verifier/dist/algorithm/retrieveWebidTrustedOidcIssuers.js:15:15)
solid-server_1 | at processTicksAndRejections (node:internal/process/task_queues:96:5)
solid-server_1 | at async retrieveWebidTrustedOidcIssuers (/community-server/node_modules/@solid/access-token-verifier/dist/algorithm/retrieveWebidTrustedOidcIssuers.js:22:24)
solid-server_1 | at async WebIDIssuersCache.getIssuers (/community-server/node_modules/@solid/access-token-verifier/dist/class/WebIDIssuersCache.js:17:34)
solid-server_1 | at async verifySolidAccessToken (/community-server/node_modules/@solid/access-token-verifier/dist/algorithm/verifySolidAccessToken.js:39:21)
solid-server_1 | at async DPoPWebIdExtractor.handle (/community-server/dist/authentication/DPoPWebIdExtractor.js:47:28)
solid-server_1 | at async Promise.all (index 0)
solid-server_1 | at async UnionCredentialsExtractor.handleSafe (/community-server/dist/util/handlers/UnionHandler.js:56:25)
solid-server_1 | at async AuthorizingHttpHandler.handle (/community-server/dist/server/AuthorizingHttpHandler.js:27:29)
solid-server_1 | at async ParsingHttpHandler.handle (/community-server/dist/server/ParsingHttpHandler.js:28:22)
solid-server_1 | at async SequenceHandler.handle (/community-server/dist/util/handlers/SequenceHandler.js:27:26)
solid-server_1 | at async Server.<anonymous> (/community-server/dist/server/BaseHttpServerFactory.js:33:17)

Then I had to npm install https://www.npmjs.com/package/rdf-dereference and I executed the call via cli getting the error:

FetchError: request to https://server.xxxxxxxxxxxxxxx/profile/card#me failed, reason: self signed certificate
    at ClientRequest.<anonymous> (XXXXXXXXXXXXXXXXXXX\npm\node_modules\rdf-dereference\node_modules\node-fetch\lib\index.js:1461:11)
    at ClientRequest.emit (events.js:400:28)
    at TLSSocket.socketErrorListener (_http_client.js:475:9)
    at TLSSocket.emit (events.js:400:28)
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:82:21) {
  type: 'system',
  errno: 'DEPTH_ZERO_SELF_SIGNED_CERT',
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'

But this was not obvious from the error message that was logged in the server log. It would help a lot in case of error, that stack traces or more info on the error is logged. I would also suggest to log this as error and not as warn. Thanks!!

Original message:
https://forum.solidproject.org/t/error-dereference-webid/4946

While the error occurs when using CSS, and is actually originally thrown by rdf-dereference, I suggested filing the error on this repo because it is rethrown here.
https://github.com/solid/access-token-verifier/blob/d0838077cf4d5b07ab35bb89866b8b2e264eca29/src/algorithm/retrieveWebidTrustedOidcIssuers.ts#L17

I think there are two questions here:

  1. Should the error message be more detailed?
  2. Should a self signed certificate be throwing an error in the first place?

Just wanted to note the following for people having the same issue in the future.

I also had the "The WebID could not be dereferenced" issue with "Expected: A dereferenceable resource".
However, my problem was that in my docker-compose.yml I gave my CSS instance service the name equal to my domain name on which the instance was running.

Simply renaming the service name to something different than the domain solved this issue for me.

Hello everybody,
We are facing the same issue. When trying to interact with the server, we can create a pod (through the registration page) and get a specific card through a GET request. However, we cannot do a PUT to our own pods. The error is:

warn: Error verifying WebID via DPoP-bound access token: The WebID could not be dereferenced.
Actual: https://solid.domain.xx/kim-test/profile/card#me

Our setup is the following: we are running the community server with NodeJS, we use nginx as a reverse proxy, and we are not signing our own certificate (we use certbot for this).
On the client side, we get a token, a public and a private key, but still the authorization request fails.
Would you have any pointers to solve this issue?
Thanks a lot!

For anyone experiencing this issue, the problem might not be with the access-token-verifier and it might be around a mapping for /etc/hosts.

First check to see if you can curl from inside your server:

ssh mypodserver
curl https://my.podserver.com/user/profile/card#me

If curling hangs for a while, then produces an error like this, the problem is with /etc/hosts

curl: (28) Failed to connect to my.podserver.com port 443 after 129360 ms: Couldn't connect to server

To fix it, add the following line to /etc/hosts. Replace my.podserver.com with your Pod server's domain.

127.0.0.1 my.podserver.com
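
Added example, not part of the thread and not access-token-verifier's own code: one way a caller could keep the underlying failure attached when rethrowing "The WebID could not be dereferenced", then log its root code so the causes reported above (untrusted certificate, server unable to reach its own hostname) are visible in one line. All function names and the category labels are hypothetical; the error codes are Node's.

```javascript
// Added example: names below are hypothetical, not the library's API.
// Error codes reported in this thread, plus closely related Node codes.
const CATEGORY = {
  DEPTH_ZERO_SELF_SIGNED_CERT: 'tls-untrusted',
  SELF_SIGNED_CERT_IN_CHAIN: 'tls-untrusted',
  UNABLE_TO_VERIFY_LEAF_SIGNATURE: 'tls-untrusted',
  ETIMEDOUT: 'unreachable',
  UND_ERR_CONNECT_TIMEOUT: 'unreachable',
  ECONNREFUSED: 'unreachable',
  ENOTFOUND: 'dns',
};

// Walk the `cause` chain; return the deepest error that carries a code.
function rootCause(err) {
  let found = null;
  const seen = new Set(); // guards against a cyclic cause chain
  for (let e = err; e instanceof Error && !seen.has(e); e = e.cause) {
    seen.add(e);
    if (typeof e.code === 'string') found = e;
  }
  return found;
}

function diagnose(err) {
  const root = rootCause(err);
  const code = root ? root.code : 'UNKNOWN';
  const detail = root ? root.message : err.message;
  return { code, category: CATEGORY[code] || 'other', detail };
}

// Dereference wrapper that rethrows with the original failure as `cause`.
// `fetchImpl` is injectable so the function can be exercised offline.
async function dereferenceWebId(webid, fetchImpl = fetch) {
  const url = new URL(webid);
  url.hash = ''; // the fragment (#me) is never sent to the server
  try {
    const res = await fetchImpl(url.href, { headers: { accept: 'text/turtle' } });
    if (!res.ok) throw new Error(`HTTP status ${res.status}`);
    return res;
  } catch (cause) {
    throw new Error(`The WebID could not be dereferenced: ${webid}`, { cause });
  }
}

// One log line at error level that includes the root cause.
function formatLog(err) {
  const d = diagnose(err);
  return `error: ${err.message} [${d.code}/${d.category}] ${d.detail}`;
}
```

For the `tls-untrusted` category, the fix is to make Node trust the issuing CA (for example with the `NODE_EXTRA_CA_CERTS` environment variable) rather than to turn certificate verification off.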