Comment by ๐ฆ roughnecks
Well, the cert issue, I believe, is for everyone but I am able to connect to the instance anyway. That friend only told me he couldn't connect, I have no other clues.. So I checked everything again and noticed the cert issue. It's `openssl` complaining but it looks like lagrange works just fine (again for me at least). Also, one other person registered (I got mail), so I guess it works :)
2025-05-24 ยท 11 months ago
3 Later Comments โ
๐ฆ roughnecks [OP] ยท 2025-05-24 at 21:08:
I would still like to know if I can fix that issue. I have a molly-brown server on main domain and openssl doesn't complain there.
๐ skyjake [mod...] ยท 2025-05-25 at 12:29:
I can't recall if I've ever tested a certificate chain on a GmCapsule server. I'm not sure if OpenSSL requires a chain to be loaded differently than a single certificate, so perhaps I'm just calling the wrong API or something.
In any case, if you try to connect via regular openssl, it will try to verify the certificate(s) against known root CAs, which is usually not relevant with Gemini servers and the TOFU security practice.
๐ฆ roughnecks [OP] ยท 2025-05-25 at 17:45:
ok but in the base domain, where molly-brown is running, lagrange says it's verified by CA, while bubble isn't.
Maybe not a big issue though?
โ /u/roughnecks/image/464.jpeg
Original Post
โ bolla.woodpeckersnest.space:1967/
return code: 21 โ Hello, I'm getting "Verify return code: 21 (unable to verify the first certificate)" when using openssl to my bubble instance and, while I can connect just fine, a friend cannot. Is that the issue? How am I supposed to fix it? I tried fullchain.pem, a chained pem but always end up in the same error. I'm using let's encrypt. Thanks