I'm adding to this thread because I'm running into the 403 HyperKitty failure (Access is forbidden) and adding my public ip address to the MAILMAN_ARCHIVER_FROM variable did not do the trick. I'm at a loss as to what might be going on so I'm hoping someone is willing to put fresh eyes on this.
All other aspects of this new are site working. It's worth noting that I set up this new install and then restored database backups of mailman3 and mailman3web from my previous install, and also copied over the /var/lib/mailman3 folders (but I left behind the contents of the cache folder).
I can see in the apache access log that the attempts are coming from the public IP, and it shows the archive key I'm using also: 54.71.5.180 - - [20/Jun/2020:09:51:01 -0600] "POST /mailman3/hyperkitty/api/mailman/archive?key=<mykey> HTTP/1.1" 403 4151 "-" "python-requests/2.18.4"
Here's my ARCHIVER_FROM variable setting: MAILMAN_ARCHIVER_FROM = ('127.0.0.1','::1','54.71.5.180')
The apache error log has "broken pipe" messages which Mark said in are just the normal outcome of the failure and not a clue.
The mailman.log had both 403 (Access is forbidden) and 503 (Service Unavailable) errors, but the 403 errors come first and I think the 503 is just the result of not having access = here's what the 403 error looks like, right after the successful message posting:
Jun 20 09:50:59 2020 (29587) ACCEPT: <20200620155058.1324.27893@mailman3> Jun 20 09:51:00 2020 (29591) HyperKitty failure on https://udfcd-lists.org/mailman3/hyperkitty/api/mailman/urls: <html><title>Forbidden</title><body> <h1>Access is forbidden</h1></body></html> (403)
I verified (like a thousand times) that: MAILMAN_ARCHIVER_KEY (with quotes, in mailman-web.py) = api_key (without quotes, in mailman-hyperkitty.cfg)
And for fun, here's my base_url.
base_url: https://udfcd-lists.org/mailman3/hyperkitty/
I've tried it with http instead of https, and also and with the original //localhost/. With it set to localhost I get an ssl.CertificateError stating that localhost does not match any of the certified domains, which I think is because certbot sets you up with Virtual Hosts when you install the certificates so I need to have the base_url set to my actual domain and use the ARCHIVER_FROM variable to allow the IP address - I think I have all that set up right but still...forbidden.
I've run out of things to check - any thoughts out there? Thanks!
~Kelly