Thanks for the tips. No mention of ecdsa in my acme-client.conf, and I've tried both the fullchain and leaf certs to the same effect.
This morning I also tried a different gemini client just to make sure it wasn't a lagrange-specific issue, but alas.

--
Regards,
David E. McMackins II
www.mcmackins.org

On Wed, 2024-08-21 at 16:42 +0000, Lucas Gabriel Vuotto wrote:
> On Wed, Aug 21, 2024 at 07:32:34AM GMT, David McMackins II wrote:
> > Hello.
> >
> > I'm trying to set up a gemini server using vger and following the
> > instructions in its git repo: https://tildegit.org/solene/vger
> >
> > However, the TLS handshake with relayd is failing as follows:
> >
> > rsae_send_imsg: privenc poll timeout, keyop #0
> > relay gemini, session 1 (1 active), 0, 192.168.1.1 -> :11965, TLS
> > handshake error: handshake failed: error:1402D438:SSL
> > routines:ACCEPT_SW_CERT:tlsv1 alert internal error: Invalid
> > argument
> > relay_dispatch_ca: privenc result after timeout
> >
> > I reached out to the vger developer first, and there doesn't appear
> > to be anything wrong with my relayd config:
> >
> > log connection
> >
> > tcp protocol "gemini" {
> >     tls keypair retro.inetcc.org
> > }
> >
> > relay "gemini" {
> >     listen on retro.inetcc.org port 1965 tls
> >     protocol "gemini"
> >     forward to 127.0.0.1 port 11965
> > }
> > <EOF>
> >
> > My TLS cert/key were generated using acme-client, and I made a
> > symlink for relayd to find the certificate since the default name
> > from acme-client is not what relayd is expecting.
> >
> > I'm wondering if this is actually a bug specific to sparc64 which
> > I'm running this on.
>
> Wild guesses that usually bite me with relayd:
>
> - if my memory serves me right, relayd only supports RSA keys. If you
>   added "ecdsa" to your acme-client.conf, then that's not going to
>   fly.
> - double-check that you linked the fullchain, not only the leaf
>   cert.
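
The two checks suggested in the quoted reply, as an added example that is not part of the original thread: a POSIX sh script that reads only PEM header lines to report the private key type and count the certificates in a file. The function names and sample files are constructed for illustration, and the RSA expectation is the reply's recollection, taken here as an assumption.

```shell
#!/bin/sh
# Added example: classify PEM files by header lines only (no openssl needed).
# Function names are hypothetical; key material is never parsed or validated.

# Print the private key type named in the PEM header.
pem_key_type() {
    if grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1"; then echo rsa
    elif grep -q -e '-----BEGIN EC PRIVATE KEY-----' "$1"; then echo ec
    # PKCS#8 keeps the algorithm inside the encoded body, so it stays unknown here.
    elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$1"; then echo pkcs8-unknown
    else echo none
    fi
}

# Count certificates in a PEM file: 1 means leaf only, 2 or more a chain.
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Report both findings; return non-zero if either check fails.
# Assumption from the quoted reply: the key should be RSA, the cert a full chain.
check_pair() {
    kind=$(pem_key_type "$1")
    count=$(pem_cert_count "$2")
    rc=0
    [ "$kind" = rsa ] || { echo "key $1: type $kind, not RSA"; rc=1; }
    [ "$count" -ge 2 ] || { echo "cert $2: $count certificate(s), no chain"; rc=1; }
    return $rc
}

# Constructed sample files; the bodies are placeholders, not real keys or certs.
pem_stub() { printf '%s\n' "-----BEGIN $1-----" PLACEHOLDER "-----END $1-----"; }
make_samples() {
    dir=$(mktemp -d)
    pem_stub 'EC PRIVATE KEY' > "$dir/ec.key"
    pem_stub 'RSA PRIVATE KEY' > "$dir/rsa.key"
    pem_stub 'CERTIFICATE' > "$dir/leaf.crt"
    { pem_stub 'CERTIFICATE'; pem_stub 'CERTIFICATE'; } > "$dir/fullchain.pem"
    echo "$dir"
}

samples=$(make_samples)
check_pair "$samples/ec.key" "$samples/leaf.crt" || echo "result: needs attention"
check_pair "$samples/rsa.key" "$samples/fullchain.pem" && echo "result: ok"
rm -rf "$samples"
```

Point check_pair at the key and certificate files relayd actually loads, following any symlinks. A key reported as pkcs8-unknown needs a real parser to identify its algorithm.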