how can I use tor2web to access hidden service without tor brower?

[davidhuang24]

i want to access hidden service iw4xcachep26muba.onion by url iw4xcachep26muba.overtime.icu . how can I configure tor2web? I have completed the following steps：

• domain and dns are correct;
• install and start tor2web according Installation Guide;
• configure tor2web according Configuration Guide;this is my /etc/tor2web.conf:

  
  # Tor2web configuration file
  [main]
  nodename = david_bupt
  datadir = /home/tor2web

logreqs = False debugmode = False debugtostdout = False

processes = 2 requests_per_process = 100000

transport = BOTH listen_ipv4 = my ip_v4 listen_ipv6 = my ip_v6 listen_port_http = 80 listen_port_https = 443

basehost = overtime.icu

sockshost = 127.0.0.1 socksport = 9050 socksoptimisticdata = True sockmaxpersistentperhost = 5 sockcachedconnectiontimeout = 240 sockretryautomatically = True

SSL configuration

ssl_key = /home/tor2web/certs/tor2web-key.pem ssl_cert = /home/tor2web/certs/tor2web-cert.pem ssl_intermediate = /home/tor2web/certs/tor2web-intermediate.pem

ssl_dh = /home/tor2web/certs/tor2web-dh.pem cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA ssl_tofu_cache_size = 100

mode = TRANSLATION onion = iw4xcachep26muba.onion

disable_tor_redirection = False disable_disclaimer = False disable_banner = False exit_node_list_refresh = 600 mirror = [tor2web.org, mirror2.tld, mirror3.tld, ...]

- generate ssl certifications by letsencrypt; and set  following symbol links in addition to necessary permissions;

ln -s /etc/letsencrypt/live/overtime.icu/privkey.pem /home/tor2web/certs/tor2web-key.pem ln -s /etc/letsencrypt/live/overtime.icu/cert.pem /home/tor2web/certs/tor2web-certificate.pem ln -s /etc/letsencrypt/live/overtime.icu/fullchain.pem /home/tor2web/certs/tor2web-intermediate.pem ln -s /etc/letsencrypt/live /etc/letsencrypt/archive/ chgrp tor2web /etc/letsencrypt/live/ chgrp tor2web /etc/letsencrypt/archive chmod g+rx /etc/letsencrypt/archive chmod g+rx /etc/letsencrypt/live

- generate tor2web-dh.pem and configrue it in tor2web.conf;

openssl dhparam -out tor2web-dh.pem 2048

- add options in torrc;

ControlPort 9051 CookieAuthentication 1 SocksPort 9050

- put a host map in file /home/tor2web/lists/hosts_map.txt ;

iw4xcachep26muba.overtime.icu iw4xcachep26muba.onion

 since [iw4xcachep26muba.onion.sh](https://iw4xcachep26muba.onion.sh/) can be successfully accessed in chrome, how can I acess [iw4xcachep26muba.overtime.icu](https://iw4xcachep26muba.overtime.icu)  like this ?  
What steps have I misconfigured or missed ？
Thanks！

[davidhuang24]

could you please give me some suggestions?

[evilaliv3]

Hello @davidhuang24,

I just tried to ping iw4xcachep26muba.overtime.icu and i'm not able to reach it. Is it possible that you forgot to set a wildcard doman DNS configuration?

Please point *.overtime.icu to the IP of the server and retry again.

[davidhuang24]

Hello @davidhuang24,

I just tried to ping iw4xcachep26muba.overtime.icu and i'm not able to reach it. Is it possible that you forgot to set a wildcard doman DNS configuration?

Please point *.overtime.icu to the IP of the server and retry again.

Thank you very much! It works!!! But invalid certification and insecure link display in chrome，what's matter ? Isn't the way to use symbolic links incorrect？

[davidhuang24]

I have generated Wildcard digital certificate by letsencrypt successfully!

[evilaliv3]

Super! Yes this is what was necessary.

[davidhuang24]

Super! Yes this is what was necessary.

I have generated Wildcard digital certificate by letsencrypt successfully , but invalid certification and insecure link display in chrome. what's matter ?

[davidhuang24]

Super! Yes this is what was necessary.

I have generated Wildcard digital certificate by letsencrypt successfully , but invalid certification and insecure link display in chrome. what's matter ?

All problems have been resolved , Thank you very much. In addition , we need to add dns host record which pointing *.overtime.icu to the IP of the server and generate Wildcard(key point) digital certificate。