Comment by 🕹️ skyjake

Re: "return code: 21"
In: s/Bubble

I can't recall if I've ever tested a certificate chain on a GmCapsule server. I'm not sure if OpenSSL requires a chain to be loaded differently than a single certificate, so perhaps I'm just calling the wrong API or something.

In any case, if you try to connect via regular openssl, it will try to verify the certificate(s) against known root CAs, which is usually not relevant with Gemini servers and the TOFU security practice.

🕹️ skyjake [mod, sysop]

May 25 · 7 months ago

1 Later Comment

🐦 roughnecks [OP] · 2025-05-25 at 17:45:

OK, but in the base domain, where molly-brown is running, Lagrange says it's verified by CA, while Bubble isn't.

Maybe not a big issue though?

— /u/roughnecks/image/464.jpeg

Original Post

🌒 s/Bubble
— bolla.woodpeckersnest.space:1967/

return code: 21 — Hello, I'm getting "Verify return code: 21 (unable to verify the first certificate)" when using openssl to connect to my Bubble instance and, while I can connect just fine, a friend cannot. Is that the issue? How am I supposed to fix it? I tried fullchain.pem, a chained PEM, but always end up in the same error. I'm using Let's Encrypt. Thanks

💬 roughnecks · 5 comments · May 23 · 7 months ago
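
An added example, not part of the thread: OpenSSL documents verify code 21 as the case where the chain contains only one certificate and it is not self-signed. The Python below checks for that condition in `openssl s_client -showcerts` output. The sample outputs and every name in them are constructed placeholders, and `parse_chain` and `diagnose` are hypothetical helpers.

```python
import re

# Constructed sample: trimmed s_client output from a server sending only its leaf.
SAMPLE_LEAF_ONLY = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = capsule.example
   i:C = XX, O = Example CA, CN = Example Intermediate
---
Verify return code: 21 (unable to verify the first certificate)
"""

# Constructed sample: the same server sending leaf plus intermediate.
SAMPLE_FULL = """\
---
Certificate chain
 0 s:CN = capsule.example
   i:C = XX, O = Example CA, CN = Example Intermediate
 1 s:C = XX, O = Example CA, CN = Example Intermediate
   i:C = XX, O = Example CA, CN = Example Root
---
Verify return code: 0 (ok)
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    subjects = re.findall(r"^\s*\d+ s:(.*)$", text, re.M)
    issuers = re.findall(r"^\s+i:(.*)$", text, re.M)
    return [(s.strip(), i.strip()) for s, i in zip(subjects, issuers)]

def diagnose(text):
    """Return (verify_code, finding) for one s_client transcript."""
    chain = parse_chain(text)
    m = re.search(r"Verify return code: (\d+)", text)
    code = int(m.group(1)) if m else None
    if not chain:
        return code, "no certificate chain in output"
    # Each certificate sent must be issued by the next one sent.
    for (subj, iss), (next_subj, _) in zip(chain, chain[1:]):
        if iss != next_subj:
            return code, f"chain broken after '{subj}'"
    leaf_subj, leaf_iss = chain[0]
    if len(chain) == 1:
        if leaf_subj == leaf_iss:
            return code, "self-signed"  # the usual TOFU setup
        return code, "leaf only: intermediate not sent"
    return code, "leaf plus intermediate(s) sent"
```

A "leaf only" finding means clients that verify against root CAs cannot build a path, whichever file the server was configured with; TOFU clients pin the certificate and are unaffected.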