Comment by 🌆 skyjake

Re: "return code: 21"

In: s/Bubble

I can't recall if I've ever tested a certificate chain on a GmCapsule server. I'm not sure if OpenSSL requires a chain to be loaded differently than a single certificate, so perhaps I'm just calling the wrong API or something.

In any case, if you try to connect via regular openssl, it will try to verify the certificate(s) against known root CAs, which is usually not relevant with Gemini servers and the TOFU security practice.

🌆 skyjake [mod, sysop]

2025-05-25 · 11 months ago
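The TOFU check mentioned in the comment above, as an added example (not code from Lagrange, GmCapsule or this thread): the client pins the SHA-256 of the leaf certificate on first contact and never builds a chain to a root CA, so a missing intermediate certificate does not affect it. The pin-file layout, the function names and the host `capsule.example` are assumptions made for illustration.

```python
import hashlib
import json
import socket
import ssl
import tempfile
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 1965, timeout: float = 10.0) -> bytes:
    """Fetch the server's leaf certificate without any CA validation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the pin, not from a CA
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def tofu_check(store: Path, host: str, port: int, der: bytes) -> str:
    """Return 'first-use', 'match' or 'MISMATCH' for this host:port."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    key = f"{host}:{port}"
    seen = fingerprint(der)
    if key not in pins:
        # First contact: remember the certificate instead of validating it.
        pins[key] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "first-use"
    # Later contacts: only an identical leaf certificate is accepted.
    return "match" if pins[key] == seen else "MISMATCH"


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes so the demo runs offline;
    # in real use they would come from fetch_leaf_der(host, port).
    cert_a = b"constructed-leaf-certificate-A"
    cert_b = b"constructed-leaf-certificate-B"
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "known_hosts.json"
        for der in (cert_a, cert_a, cert_b):
            print(tofu_check(store, "capsule.example", 1965, der))
```

A `MISMATCH` is the only failure a pinning client of this kind reports; whether the server also sends its intermediate certificates matters only to clients that validate against a CA store, such as `openssl s_client` in its default configuration.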

1 Later Comment

๐Ÿฆ roughnecks [OP] ยท 2025-05-25 at 17:45:

ok but in the base domain, where molly-brown is running, lagrange says it's verified by CA, while bubble isn't.

Maybe not a big issue though?

โ€” /u/roughnecks/image/464.jpeg

Original Post

🌒 s/Bubble

roughnecks:

— bolla.woodpeckersnest.space:1967/

return code: 21 — Hello, I'm getting "Verify return code: 21 (unable to verify the first certificate)" when using openssl to my Bubble instance and, while I can connect just fine, a friend cannot. Is that the issue? How am I supposed to fix it? I tried fullchain.pem, a chained pem, but always end up in the same error. I'm using Let's Encrypt. Thanks

💬 5 comments · 2025-05-23 · 11 months ago