Comment by 🐦 roughnecks
I would still like to know if I can fix that issue. I have a molly-brown server on the main domain and openssl doesn't complain there.
May 24 · 7 months ago
I can't recall if I've ever tested a certificate chain on a GmCapsule server. I'm not sure if OpenSSL requires a chain to be loaded differently than a single certificate, so perhaps I'm just calling the wrong API or something.
In any case, if you try to connect via regular openssl, it will try to verify the certificate(s) against known root CAs, which is usually not relevant with Gemini servers and the TOFU security practice.
OK, but in the base domain, where molly-brown is running, Lagrange says it's verified by CA, while Bubble isn't.
Maybe not a big issue though?
Original Post
return code: 21 — Hello, I'm getting "Verify return code: 21 (unable to verify the first certificate)" when using openssl to connect to my Bubble instance and, while I can connect just fine, a friend cannot. Is that the issue? How am I supposed to fix it? I tried fullchain.pem, a chained PEM, but always end up with the same error. I'm using Let's Encrypt. Thanks
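An added example, not part of the thread and not GmCapsule or Bubble code: a throwaway root, intermediate and leaf (all names and keys constructed here) reproduce the missing-intermediate condition that a CA-verifying client reports as being unable to verify the first certificate, and show that supplying the intermediate alongside the leaf clears it. It assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: all keys, names and certificates below are throwaway.

# new_csr NAME CN: fresh RSA key and signing request in the current directory.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# build_chain DIR: root CA -> intermediate CA -> leaf, plus fullchain.pem.
build_chain() (
    set -e
    cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    new_csr root 'Constructed Root CA'
    openssl x509 -req -in root.csr -signkey root.key -days 2 \
        -extfile ca.ext -out root.pem 2>/dev/null
    new_csr int 'Constructed Intermediate CA'
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 2 -extfile ca.ext -out int.pem 2>/dev/null
    new_csr leaf 'capsule.example'
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -days 2 -out leaf.pem 2>/dev/null
    cat leaf.pem int.pem > fullchain.pem   # leaf first, then its issuer
)

# Number of certificates in a PEM file: 1 = leaf only, 2+ = leaf plus chain.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Client that trusts only the root and is given just the leaf.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Same client when the intermediate is supplied alongside the leaf.
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

dir=$(mktemp -d)
build_chain "$dir"
echo "leaf.pem: $(count_certs "$dir/leaf.pem") cert, fullchain.pem: $(count_certs "$dir/fullchain.pem") certs"
verify_leaf_only "$dir"  && echo "leaf only: OK"  || echo "leaf only: verification failed"
verify_with_chain "$dir" && echo "with chain: OK" || echo "with chain: verification failed"
rm -rf "$dir"
```

Against a live server, `openssl s_client -connect <host>:1965 -showcerts` prints every certificate the server actually sends, so a single certificate in that output while the configured file holds two means the chain is not being served.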