Using normal tls certificates with gemini

Drew DeVault sir at cmpwn.com
Thu Oct 1 22:43:33 BST 2020


I think server software should handle certificates for you and clients
should TOFU them. Dealing with certificates is annoying and dumb and the
CAs are a cabal and we don't need any of that noise in our brave new
gemini future.

My server implementation generates 1-year certificates on startup for
any domain it's configured to service, and automatically rotates them.
The admin isn't involved in this in any capacity, except to copy+paste
the certificate store if they move between servers.
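
The client side of the TOFU arrangement described in the message above, as an added example that is not part of the original post or of any Gemini client. It assumes a policy the post does not state: a changed certificate is accepted only after the pinned one has expired. The `TofuStore` name, host name and certificate bytes are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Pin:
    fingerprint: str     # SHA-256 over the certificate's DER encoding
    not_after: datetime  # expiry of the pinned certificate


class TofuStore:
    """In-memory trust-on-first-use pin store keyed by host name."""

    def __init__(self):
        self.pins = {}

    def check(self, host, cert_der, not_after, now):
        """Classify a presented certificate; the caller supplies its expiry."""
        if now > not_after:
            return "expired"            # never pin or accept an expired cert
        fp = hashlib.sha256(cert_der).hexdigest()
        pin = self.pins.get(host)
        if pin is None:
            self.pins[host] = Pin(fp, not_after)
            return "first-use"          # nothing known yet: pin it
        if pin.fingerprint == fp:
            return "match"
        if now > pin.not_after:         # assumed policy: old pin has lapsed
            self.pins[host] = Pin(fp, not_after)
            return "rotated"
        return "mismatch"               # new cert while old pin still valid


def demo():
    old, new = b"constructed-cert-old", b"constructed-cert-new"  # not real DER
    t0 = datetime(2020, 10, 1, tzinfo=timezone.utc)
    old_exp, new_exp = t0 + timedelta(days=365), t0 + timedelta(days=730)
    store = TofuStore()
    return [
        store.check("example.org", old, old_exp, t0),
        store.check("example.org", old, old_exp, t0 + timedelta(days=30)),
        # Server rotated early: indistinguishable from interception here.
        store.check("example.org", new, new_exp, t0 + timedelta(days=300)),
        store.check("example.org", new, new_exp, t0 + timedelta(days=366)),
    ]


if __name__ == "__main__":
    print(demo())
```

Under this policy a server that rotates before the pinned certificate expires produces the same `mismatch` result as an interception, so the client has to surface that case to the user rather than silently re-pin.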

