I was up until now getting some LE certificates manually renewed using certbot
but decided to move to automatically managed certificates in gitlab 11.0.1.
However, after setting up the proper variables in gitlab.rb
, I am getting during a gitlab-ctl reconfigure
:
Recipe: letsencrypt::http_authorization
* letsencrypt_certificate[gitlab.linki.tools] action create
* acme_certificate[staging] action create
* file[gitlab.linki.tools SSL key] action create_if_missing (up to date)
* directory[/var/opt/gitlab/nginx/www/.well-known/acme-challenge] action create (up to date)
* file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/RrXdMD2cTteB4BZ75SQDPeKMKVLyA5R6aq84xmcBw7I] action create
- create new file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/RrXdMD2cTteB4BZ75SQDPeKMKVLyA5R6aq84xmcBw7I
- update content in file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/RrXdMD2cTteB4BZ75SQDPeKMKVLyA5R6aq84xmcBw7I from none to d0a818
--- /var/opt/gitlab/nginx/www/.well-known/acme-challenge/RrXdMD2cTteB4BZ75SQDPeKMKVLyA5R6aq84xmcBw7I 2018-08-10 10:19:50.504372251 +0200
+++ /var/opt/gitlab/nginx/www/.well-known/acme-challenge/.chef-RrXdMD2cTteB4BZ75SQDPeKMKVLyA5R6aq84xmcBw7I20180810-4569-13jvrfq 2018-08-10 10:19:50.504372251 +0200
@@ -1 +1,2 @@
+RrXdMD2cTteB4BZ75SQDPeKMKVLyA5R6aq84xmcBw7I.ZMs-47uotHRPS6SEnUAnglLQl2aJN_jnKJk2kzX4ZfA
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
================================================================================
Error executing action `create` on resource 'acme_certificate[staging]'
================================================================================
RuntimeError
------------
[gitlab.linki.tools] Validation failed for domain gitlab.linki.tools
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'
Resource Declaration:
---------------------
suppressed sensitive resource output
Compiled Resource:
------------------
suppressed sensitive resource output
System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.4.4p296 (2018-03-28 revision 63013) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
================================================================================
Error executing action `create` on resource 'letsencrypt_certificate[gitlab.linki.tools]'
================================================================================
RuntimeError
------------
acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.linki.tools] Validation failed for domain gitlab.linki.tools
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb
3: letsencrypt_certificate site do
4: fullchain node['gitlab']['nginx']['ssl_certificate']
5: key node['gitlab']['nginx']['ssl_certificate_key']
6: notifies :run, "execute[reload nginx]", :immediate
7: notifies :run, 'ruby_block[display_le_message]'
8: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:3:in `from_file'
letsencrypt_certificate("gitlab.linki.tools") do
action [:create]
updated true
updated_by_last_action true
default_guard_interpreter :default
declared_type :letsencrypt_certificate
cookbook_name "letsencrypt"
recipe_name "http_authorization"
fullchain "/etc/letsencrypt/live/gitlab.linki.tools/fullchain.pem"
key "/etc/letsencrypt/live/gitlab.linki.tools/privkey.pem"
alt_names ["registry.linki.tools"]
cn "gitlab.linki.tools"
end
System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.4.4p296 (2018-03-28 revision 63013) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[gitlab.linki.tools] (letsencrypt::http_authorization line 3) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.linki.tools] Validation failed for domain gitlab.linki.tools
Running handlers complete
Chef Client failed. 3 resources updated in 12 seconds
Why can’t the validation be completed for my gitlab.linki.tools
domain? Can I find more information somewhere else?