Can't clone over https

I have a GitLab CE installation set up with HTTPS on Ubuntu 14.04. Everything is working fine except cloning over HTTPS.
To enable HTTPS I made the following changes in gitlab.rb:
external_url 'https://my-domain.com';
nginx['redirect_http_to_https'] = true

I also added my COMODO certificate files to the following path:
/etc/gitlab/ssl/my-domain.com.crt
/etc/gitlab/ssl/my-domain.com.key

I can access the UI over HTTPS and I can clone over SSH using an SSH key, but I can't clone over HTTPS.
I get the following error:
fatal: unable to access 'https://my-domain.com…': SSL certificate problem: unable to get local issuer certificate

I tried all kinds of solutions found on the web but none of them are working, so I would really appreciate your help.

1 Like

We are having the same problem here. What version of Git are you using on your client?

When I try this locally I get this:

X:\Temp\gitlab\project>git clone https://test-gitlab.ramsoft.biz/wpostma/personal1.git
Cloning into 'personal1'...
fatal: unable to access 'https://test-gitlab.ramsoft.biz/wpostma/personal1.git/': SSL certificate problem: unable to get local issuer certificate

On the server side I see this log:

Server Log
> /var/log/gitlab/nginx/gitlab_error.log <
2016/04/26 13:21:25 [crit] 47733#0: *31 SSL_shutdown() failed (SSL: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init) while SSL handshaking, client: 192.168.215.50, server: 0.0.0.0:443

After a little googling, it appears to be an openssl bug, but I'm not sure. I can clone over SSH as well, but not over HTTPS.

Did you go look in your logs? Are you aware of the gitlab-ctl tail command, which you run like this:

sudo gitlab-ctl tail

Hi @warren.postma @ovidiudinu

Has any solution been found for this? I am facing the same issue. I am not using self-signed certificates but verified certificates. Can someone give me a clue?

You can disable certificate validation temporarily for openssh in git but a better solution is to update the root ca file that git plus its openssh configs are reading. There is lots of discussion on stackoverflow about it.

W

1 Like

Hi

I have set

http.sslverify=false in the .gitconfig file as a temporary solution.

Could you point me to any steps for updating the root CA files?

Thanks

Your first job is to figure out what your site’s root CA is. Then get a copy of that root CA’s .crt or .pem or whatever it is.

These instructions are for Linux.

1 Like
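
The error in this thread means the client could not build a chain from the server's certificate to a root it trusts. The following is an added example, not from any poster or from GitLab: it uses a constructed root, intermediate and leaf (the CA names and `/path/to/ca-bundle.crt` are assumptions) to show `openssl verify` failing when the served file lacks the intermediate or when the client's CA file lacks the root.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Every certificate here is constructed test
# data: a root CA, an intermediate CA and a leaf certificate for my-domain.com.

make_chain() {  # build the constructed chain in directory $1
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Constructed Root CA' \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj '/CN=Constructed Intermediate CA' \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj '/CN=my-domain.com' \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -out "$d/leaf.crt" 2>/dev/null &&
  cat "$d/leaf.crt" "$d/int.crt" > "$d/fullchain.crt"
}

# Count certificates in a PEM file: 1 means leaf only, no intermediates.
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# $1 = CA bundle the client trusts, $2 = PEM the server presents (leaf first,
# then intermediates). Succeeds only if a chain to a trusted root can be built.
chain_verifies() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

report() {  # $1 = label, $2 = CA bundle, $3 = served PEM
  if chain_verifies "$2" "$3"; then echo "$1: chain OK"
  else echo "$1: chain cannot be built"; fi
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_chain "$d" || { echo "openssl failed to build the test chain" >&2; return 1; }
  report "leaf only ($(cert_count "$d/leaf.crt") cert), root trusted" "$d/root.crt" "$d/leaf.crt"
  report "leaf + intermediate, root trusted" "$d/root.crt" "$d/fullchain.crt"
  report "leaf + intermediate, root NOT in client bundle" "$d/int.crt" "$d/fullchain.crt"
  rm -rf "$d"
}
demo

# On real files (bundle path is a placeholder):
#   chain_verifies /path/to/ca-bundle.crt /etc/gitlab/ssl/my-domain.com.crt
# Client side, instead of http.sslverify=false:
#   git config --global http.sslCAInfo /path/to/ca-bundle.crt
```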

I’m having the same issue. That setting fixes command line Git but GitLab still fails the clone. How do I tell GitLab to ignore ssh keys? I’m using the omnibus EE version.

Hi

It is not possible to tell Gitlab to ignore SSH keys. All requests which come through SSH are verified with their matching SSH keys in the .authorized keys file.

Can you further elaborate on the statement below?

Lazy8s
That setting fixes command line Git but GitLab still fails the clone.

I was referring to this:

ershad.ahmad
Hi

I have set

http.sslverify=false in the .gitconfig file as a temporary solution.

This setting works for my command line Git, but GitLab still checks for the SSH key. My corporate self-signed cert is messed up and I have no way to fix it. It is really inconvenient that GitLab stand-alone installs cannot ignore SSH keys.

Let me know if you get a real key working, it’s on my list of to-dos as well. I was thinking of using https://letsencrypt.org/

I have exactly the same issue. Using an Amazon AWS Linux Ubuntu 16 box, fresh install of GitLab.

Set
external_url 'https://my-domain.com';
nginx['redirect_http_to_https'] = true

Copied my crt and key (which are from DigiCert and a real SSL not self-signed) into the /etc/gitlab/ssl folder then reconfigured.

Website HTTPS works fine, SSH works fine, but clone over HTTPS always fails with fatal: unable to access 'https://my-domain.com…': SSL certificate problem: unable to get local issuer certificate