When you run a federation check on your Mastodon instance, the tool may return the error “Instance Not Reachable” for another server. This error means your instance cannot establish a connection to that remote server. The cause is usually a firewall rule, a DNS misconfiguration, or the remote instance blocking your IP address. This article explains the technical reasons behind the error and provides step-by-step fixes you can apply.
Key Takeaways: Fixing Instance Not Reachable in Mastodon Federation Check
- Preferences > Moderation > Federation > Check: Runs the federation check and shows the error for unreachable instances.
- Firewall rules on port 443: Blocking outbound HTTPS connections to the remote instance IP causes the error.
- DNS lookup failure for the remote domain: A missing or incorrect A record for the remote instance prevents connection.
Why the Federation Check Returns “Instance Not Reachable”
The federation check in Mastodon tests whether your instance can connect to a remote instance over HTTPS. The check sends a simple HTTP GET request to the remote instance’s API endpoint /api/v1/instance. If the remote server does not respond within a timeout period, Mastodon marks it as “Not Reachable.”
There are three common technical reasons for this failure:
Firewall or Network Filter Blocks Outbound Traffic
Your server’s firewall, a cloud provider security group, or a corporate network filter may block outbound HTTPS traffic (port 443) to the remote IP address. This is the most frequent cause. The federation check never reaches the remote instance, so it times out.
DNS Resolution Fails for the Remote Domain
If your server cannot resolve the remote instance’s domain name to an IP address, the connection cannot be opened. This can happen if the remote domain has expired, has no A or AAAA record, or if your DNS resolver is misconfigured.
Remote Instance Blocks Your IP Address
The remote instance may have implemented a blocklist that includes your IP address range. This is common when your instance has been flagged for spam or abuse. The remote server drops the connection before responding.
Steps to Diagnose and Fix the Error
Follow these steps in order. Each step isolates a different potential cause.
- Run the federation check for the exact domain
In your Mastodon admin panel, go to Preferences > Moderation > Federation. In the search box, type the remote instance domain exactly (for example,mastodon.social). Click the Check button. Note the error message. If it says “Instance Not Reachable,” proceed to the next step. - Test DNS resolution from your server
Open a terminal on your Mastodon server. Runnslookup example.comordig example.comwhereexample.comis the remote instance domain. If the command returns no IP address or a SERVFAIL error, the domain cannot be resolved. Wait 24 hours for DNS propagation, or contact the remote instance admin to confirm the domain is active. - Check outbound connectivity to the remote IP
Use the IP address from the DNS lookup. Runcurl -I https://IP_ADDRESSfrom your server. If the command hangs or returns “Connection timed out,” your firewall or network is blocking outbound HTTPS traffic. Review your firewall rules (iptables, ufw, or cloud provider security group) and allow outbound TCP on port 443 to all destinations. - Verify the remote instance is not blocking your IP
From a different network (for example, your home computer), runcurl -I https://example.com. If it succeeds from the other network but fails from your Mastodon server, the remote instance may have blocked your server IP. Contact the remote instance admin to request removal from their blocklist. - Test HTTPS certificate validity
A valid TLS certificate is required for the connection. Runopenssl s_client -connect example.com:443 -servername example.com. If the output shows “Verify return code: 0 (ok)”, the certificate is valid. Any other return code indicates a certificate issue on the remote instance. Wait for the remote admin to fix it, or add the domain to your instance’s allowed domains temporarily. - Restart the Mastodon sidekiq and web services
After applying any network or DNS fix, restart Mastodon services to clear cached connection states. Runsystemctl restart mastodon-sidekiq mastodon-webfrom your server. Wait 30 seconds, then run the federation check again.
If Mastodon Still Shows the Error After the Main Fix
Federation Check Works Intermittently
If the check succeeds sometimes and fails other times, the remote instance may be rate-limiting your requests. Wait at least 5 minutes between checks. Rate limits are usually temporary and reset after a cooldown period.
Multiple Instances Show the Same Error
If many remote instances are unreachable, the problem is likely on your side. Review your server’s firewall rules and ensure outbound HTTPS is not restricted by an upstream provider or a corporate proxy. Also check if your Mastodon instance is running behind a reverse proxy that is misconfigured.
Error Persists After All Steps
If the error remains after DNS, firewall, and certificate checks, the remote instance may be offline entirely. Use a third-party monitoring tool like UpDown.io to check the remote domain’s availability. If the remote instance is down, wait for its admin to restore service.
| Item | Local Network Issue | Remote Instance Issue |
|---|---|---|
| DNS resolution | Server DNS resolver misconfigured | Remote domain expired or missing A record |
| Firewall | Outbound port 443 blocked | Remote instance blocks your IP |
| Certificate | N/A | Expired or invalid TLS certificate |
| Service status | Mastodon sidekiq or web not restarted | Remote instance offline or overloaded |
The federation check is a critical tool for maintaining a healthy Mastodon instance. By following the steps above, you can identify whether the problem is on your network or on the remote side. After fixing the issue, run the check again to confirm the connection succeeds. For persistent cases, consider adding the remote domain to your instance’s whitelist as a temporary workaround while you investigate further.