Cert Change

Author: Ben <benk@tilde.team>

Sat Mar 19 01:28:06 PM +05 2022


Last year in an attempt to do Gemini the right way, I created a self-signed cert for TOFU, which was configured to expire after one year. I thought this would be more convenient than simply using my LetsEncrypt cert. In a way it was, but now that the expiry date of that cert was nearing and having just renewed my LetsEncrypt cert for my domain recently, I realized that I might as well just use that given the fact that I have it already and all other services on my domain use it.


So, this is kind of not really the TOFU way, but it's simply less work for me. Also, I noted some Gemini browsers like Lagrange will tell you if the cert is verified by an authority. Although, now that I'm checking it on Lagrange, it still says "Not verified by CA". That can't be right...


Well now I don't know what I did wrong, but a cert is a cert. Also this new scheme means kwiecien.us is going to change certs again every three months or so like it used to. Sorry for the inconvenience.


If I do go back to a self-generated cert, I'll try to make it so the new one never expires. That seems to make the most sense. That way all visitors to my capsule will always be sure of its identity. (Not that it matters!)

-- Page fetched on Fri May 17 05:25:20 2024