OpenSSL woes

As of this writing, gemini://pon.ix.tc/~krixano/ works in bollux, so I'm not sure what was going on earlier.

However, I've had some issues with sites not connecting in the past, and it turns out the problem was that

openssl req -x509 -newkey

defaults to using a v1 certificate, which does not support SNI. Self-signing server authors need to make sure that they use v3 certificates (which I'm not sure how to requisition with openssl; I've yet to set a cert up myself. Though I found an answer on serverfault that might help.)
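One way to request a v3 certificate and check the result before deploying it, as an added example that is not part of the original post. It assumes OpenSSL 1.1.1 or later (for `-addext`); the hostname, file names and function names are placeholders.

```sh
#!/bin/sh
# Added example: create a self-signed X.509 v3 certificate with a
# subjectAltName, then verify the version and the SAN entry.
# Assumes OpenSSL 1.1.1+; all names below are hypothetical placeholders.

# make_v3_cert HOST DIR -> writes DIR/key.pem and DIR/cert.pem
make_v3_cert() {
    host=$1
    dir=$2
    # A certificate that carries any extension is encoded as version 3,
    # so adding subjectAltName via -addext yields a v3 certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# cert_version FILE -> prints the X.509 version number (1 or 3)
cert_version() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# cert_has_san FILE HOST -> exit status 0 if HOST is listed as a DNS SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# check_cert FILE HOST -> refuses a cert that is not v3 or lacks the SAN
check_cert() {
    v=$(cert_version "$1")
    if [ "$v" != "3" ]; then
        echo "reject: $1 is X.509 v${v:-unknown}, expected v3" >&2
        return 1
    fi
    if ! cert_has_san "$1" "$2"; then
        echo "reject: $1 has no subjectAltName for $2" >&2
        return 1
    fi
    echo "ok: $1 is v3 with SAN DNS:$2"
}

# Usage (placeholder host):
#   d=$(mktemp -d) && make_v3_cert gemini.example.org "$d" \
#       && check_cert "$d/cert.pem" gemini.example.org
```

Running `check_cert` against an existing server certificate shows whether it needs to be regenerated.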

It'd be nice if someone could write a "best practices for server people" document. Or add it to the existing best practices document.