Hi there,
I have tried Let’s Encrypt support in the latest 10.5 release, and it consistently fails when running reconfiguring or renewing certificates with:
- create new file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/3GB2l4IS[REDACTED]
- update content in file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/3GB2l4IS[REDACTED] from none to 7afb49
--- /var/opt/gitlab/nginx/www/.well-known/acme-challenge/3GB2l4IS[REDACTED] 2018-02-23 10:37:23.92874 +0100
+++ /var/opt/gitlab/nginx/www/.well-known/acme-challenge/.chef-3GB2l4IS[REDACTED] 2018-02-23 10:37:23.92874 +0100
@@ -1 +1,2 @@
+3GB2l4IS[REDACTED]
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
================================================================================
Error executing action `create` on resource 'acme_certificate[staging]'
================================================================================
RuntimeError
------------
[gitlab.[REDACTED]] Validation failed for domain gitlab.[REDACTED]
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'
My machine has a public IP accessible by DNS, on port 443 only. Is that part of the problem ?