Hi there,
I've read (in the fediverse) about a user being unable to set up a custom domain in Flounder. I tried replicating it and ran into the same problem: the capsule can't be accessed via the gemini:// protocol because no TLS certificate is sent by the server.
Some details:
* In both cases, a subdomain is pointed to Flounder using a CNAME DNS record.
```
$ drill bmc.costas.dev
[...]
;; ANSWER SECTION:
bmc.costas.dev. 3100 IN CNAME bebomuchocafe.flounder.online.
bebomuchocafe.flounder.online. 1299 IN A 173.230.145.243
[...]
```
* A TLS certificate is generated by Let's Encrypt for the HTTPS proxy. This can be seen by visiting
=> https://bmc.costas.dev
* The Gemini server doesn't send a TLS certificate when connecting. This can be tested:
```
$ openssl s_client -crlf -connect bmc.costas.dev:1965
CONNECTED(00000003)
139841509586304:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1543:SSL alert number 80
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 316 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
-- Ariel Costas
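
Added example, not part of the original message: a small Python parser for `openssl s_client` transcripts like the one above. It reports the alert the server sent and whether a certificate arrived, and it ignores the verify code when there was no certificate to verify. The `COMPLETED` transcript and the name `capsule.example` are constructed for comparison.

```python
import re

# TLS alert descriptions (RFC 8446, section 6); only a few relevant ones listed.
ALERTS = {40: "handshake_failure", 70: "protocol_version",
          80: "internal_error", 112: "unrecognized_name"}

# Trimmed from the s_client transcript in the report above.
FAILED = """CONNECTED(00000003)
139841509586304:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1543:SSL alert number 80
no peer certificate available
SSL handshake has read 7 bytes and written 316 bytes
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed sample: a handshake that completes against a self-signed capsule.
COMPLETED = """CONNECTED(00000003)
Server certificate
subject=CN = capsule.example
SSL handshake has read 1384 bytes and written 373 bytes
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 18 (self-signed certificate)
"""

def _num(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None

def diagnose(transcript):
    """Summarise what the server actually did during the handshake."""
    alert = _num(r"SSL alert number (\d+)", transcript)
    cipher = re.search(r"Cipher is (\S+)", transcript)
    cert = ("Server certificate" in transcript
            and "no peer certificate available" not in transcript)
    verify = _num(r"Verify return code: (\d+)", transcript)
    return {
        "alert": ALERTS.get(alert, "unknown") if alert is not None else None,
        # 5-byte record header + 2-byte alert body: nothing but an alert arrived.
        "only_alert_received": _num(r"has read (\d+) bytes", transcript) == 7,
        "peer_cert": cert,
        "negotiated": bool(cipher) and cipher.group(1) != "(NONE)",
        # With no certificate there was nothing to verify, so code 0 says nothing.
        "verify_code": verify if cert else None,
    }
```
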