On Thu, May 14, 2020 at 11:44 PM Ben <benulo at systemli.org> wrote: > I'm having an issue with elpher where it asks me to approve the site's > SSL cert because it says something like the issuer not being > recognized... well that can't be right, so either I set up Jetforce a > little bit wrong (specified the wrong files?), or this is some issue > with elpher, which I noticed complains about the certs of most Gemini > sites. My issuer is LetsEncrypt, which should be fine. > > Isn't that just because, by default, Jetforce generates it's own certificates and they are self-signed? When browsing with elpher I get this warning all the time, it seems everyone is using self signed certificates. For gemini://gem.bestalbumsintheuniverse.com I am also using Jetforce and accessing with elpher, but I don't get the warnings because I used Let's Encrypt to generate CA certificates. If you've used Let's Encrypt and certbot before, the process is the same as if you were setting up an https site, except that instead of passing the certs in an nginx or Apache config, you pass the cert paths to the Jetforce startup command. For example, here is the startup command I'm using for Jetforce: python3 jetforce.py --host "" --hostname gem.bestalbumsintheuniverse.com --tls-certfile fullchain.pem --tls-keyfile privkey.pem This is of course after I copied the fullchain.pem and privkey.pem files from the /etc/letsencrypt/live/gem.bestalbumsintheuniverse.com/ directory and chown'd them to the user that runs the jetforce server. Hope this helps! -Travis -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20200515/c819 21ed/attachment.htm>
---
Previous in thread (7 of 10): 🗣️ plugd (plugd (a) thelambdalab.xyz)