How long does the automatic obtaining of the SSL LetsEncrypt certificate take?
I enable that option on a domain served through gitlab pages, but it’s been several days, and it still says:
GitLab is obtaining a Let’s Encrypt SSL certificate for this domain. This process can take some time. Please try again later.
Hi @saleyn and welcome to the GitLab Community forum!
The GitLab Pages integration with Let’s Encrypt was introduced in version 12.1, so I assume you’re running this version or newer.
According to the documentation, issuing the letsencrypt certificate and updating Pages configuration can take up to an hour . If it is taking several days, something is going wrong. One possible explanation for this would be that letsencrypt is unable to verify ownership of the custom domain.
We should find some indication of the failure in /var/log/gitlab/sidekiq/current.
Can you confirm that Let’s Encrypt integration is enabled on the instance and that the DNS entry and domains were set up correctly as outlined in the Requirements?
Please do note that this feature is in beta and might present bugs and UX issues such as #64870. See all the related issues linked from this issue’s description for more information.
Please also note that this feature covers only certificates for custom domains , not the wildcard certificate required to run Pages daemon . Wildcard certificate generation is tracked in this issue.
I configured the pages for a domain served from gitlab.com. The domain is verified (has green “Verified” status). The certificate is for a custom domain (rather than a wildcard. Is that log file accessible for repositories hosted on gitlab.com? If there is an error somewhere, how can I check for it in such a setup?
Solution: I deleted the domain entry in Pages, recreated, and revalidated it, and after about an hour an SSL certificate was automatically obtained by gitlab. So there must have been an error somewhere previously, but it’s not visible to the gitlab user.