New TLS certificate notification

Purely to complete the audit trail, and for the benefit of the maybe 1 or 2 people who might be affected, this post is to confirm that the TLS certificates for this Gemini capsule changed yesterday and changed again today, so if your browser is acting all cautious and throwing up a message about the certificate being untrusted, that would be why.

Of course, if this were a hostile takeover, this would be exactly the kind of message an attacker would put out, which would make this notification pointless, so I augment it with a crypto-stylometrically-secure limerick:

There once was a blog on the web
Which moved to a gemlog, it's said
The cert's old and busted,
Decreasingly trusted
So it got regenerated using the same private key but with a Subject Alternative Name field instead

Why

The old cert just used a Common Name, because that's all Molly Brown required at the time, but nowadays, the Subject Alternative Name field is needed too, so the latest version of Molly Brown refused to load the old cert. I initially regenerated a completely new cert, triggering a warning in Lagrange and presumably any other client that takes TOFU seriously, but have now re-regenerated a cert using the original private key, per advice from skyjake:

BBS discussion

Thank you skyjake!

If this third cert is successfully recognised as trusted, nobody should ever notice.
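The difference between the second and third certs above, as an added example that is not part of the original post: it builds a CN-only cert, a SAN cert on a fresh key, and a SAN cert on the original key, then compares what a certificate-pinning and a key-pinning TOFU client would each see. The hostname, file names and helper functions are constructed placeholders; it assumes OpenSSL 1.1.1 or later (for `-addext`) and a client that pins the SHA-256 of the public key, which the post does not spell out.

```shell
#!/bin/sh
# Added example. Keys, certificates and hostname are constructed placeholders.
set -eu
HOST="capsule.example"
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Fingerprint of the whole certificate: changes every time a cert is reissued.
cert_fp() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Fingerprint of the SubjectPublicKeyInfo: depends only on the key pair.
spki_fp() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# True if the certificate carries a SAN entry for $HOST.
has_san() {
  openssl x509 -in "$1" -noout -text | grep -q "DNS:$HOST"
}

# Self-signed cert for $HOST from key $1 into $2; extra args go to openssl req.
make_cert() {
  key="$1"; out="$2"; shift 2
  openssl req -new -x509 -key "$key" -days 365 -subj "/CN=$HOST" -out "$out" "$@"
}

new_key() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# What a client that stored $1 on first use would conclude on seeing $2.
tofu_verdict() {
  if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then c=match; else c=MISMATCH; fi
  if [ "$(spki_fp "$1")" = "$(spki_fp "$2")" ]; then k=match; else k=MISMATCH; fi
  echo "cert-pin=$c key-pin=$k"
}

new_key "$WORK/orig.key"
new_key "$WORK/fresh.key"
make_cert "$WORK/orig.key"  "$WORK/cert1.pem"   # CN only, like the old cert
make_cert "$WORK/fresh.key" "$WORK/cert2.pem" -addext "subjectAltName=DNS:$HOST"
make_cert "$WORK/orig.key"  "$WORK/cert3.pem" -addext "subjectAltName=DNS:$HOST"

echo "cert1 -> cert2 (new key):  $(tofu_verdict "$WORK/cert1.pem" "$WORK/cert2.pem")"
echo "cert1 -> cert3 (same key): $(tofu_verdict "$WORK/cert1.pem" "$WORK/cert3.pem")"
```

A client that pins the whole certificate hash reports a mismatch for both reissues; only one that pins the public key accepts the third cert without a prompt.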

Tags

meta


Proxied content from gemini://lab6.com/mlog/2026/03/27/certificates/ (external content)
