Hi folks. I'm setting up a new Gemini capsule on a VPS. When I first accessed it using Lagrange, I was asked whether to trust the server's certificate. That's kind-of what I expected, since it's self-signed. My slight confusion stems from the fact that I didn't get asked this for my capsule on ctrl-c.club.
Is this because the ctrl-c.club certificate (which is system-wide, not per-user) is already signed by something Lagrange trusts? I sort of expected Lagrange to prompt me for every new certificate it encountered.
Sorry if I'm being dim. Not a problem (I think) -- just curious how it works.
Feb 27 ยท 2 months ago
6 Comments โ
๐ skyjake [mod...] ยท Feb 27 at 11:59:
Lagrange only asks for trust when it notices a certificate change. When visiting a server for the first time, TOFU applies and the certificate is automatically trusted.
There must have been a record of you visiting the domain earlier, when the certificate was different.
๐ lars_the_bear [OP] ยท Feb 27 at 12:17:
@skyjake : Thanks, but, hmm... It was a completely new capsule, new DNS name, etc. If you have a minute, would you be kind enough to look at gemini://larsthebear.me/, and see if it seems to be in order? I'm slightly concerned that I created a broken certificate.
For me, the URL worked perfectly without any warnings or questions on both iOS and macOS.
๐ skyjake [mod...] ยท Feb 27 at 15:21:
Your capsule seems fine to me as well.
๐ lars_the_bear [OP] ยท Feb 27 at 15:51:
Thanks folks. Must have been a gremlin, or just a typical cock-up on my part.
๐ stack ยท Feb 27 at 19:01:
Cock-up. I just wanted to repeat that.
But actually, ctrl-c has a shared server, so Tofu had already happened the first time you hit any ctrl-c-based gemlog. Your VPS site Tofu'ed the first time. All as it should be, right?