Hi,
I received an email from Let's Encrypt about my certificate for my GitLab server.
Now I was trying to renew it, but it keeps failing and I’m not very experienced, so I would like some help.
This is in my /etc/gitlab/gitlab.rb file:
## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
external_url 'https://gitlab.***.**'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['***@gmail.com']
#registry_external_url "https://gitlab.***.**"
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = "12"
letsencrypt['auto_renew_minute'] = "00"
letsencrypt['auto_renew_day_of_month'] = "*/7"
I’ve also tried to add this line:
nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"
I’ve tried to remove all files in /etc/gitlab/ssl, but that didn’t help. A .crt, .key and .key-staging file are created again on every attempt.
Running sudo gitlab-ctl reconfigure gives this error:
================================================================================
Error executing action `create` on resource 'letsencrypt_certificate[gitlab.***.**]'
================================================================================
RuntimeError
------------
acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.***.**] Validation failed for domain gitlab.***.**
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb
3: letsencrypt_certificate site do
4: fullchain node['gitlab']['nginx']['ssl_certificate']
5: key node['gitlab']['nginx']['ssl_certificate_key']
6: notifies :run, "execute[reload nginx]", :immediate
7: notifies :run, 'ruby_block[display_le_message]'
8: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:3:in `from_file'
letsencrypt_certificate("gitlab.***.**") do
action [:create]
updated true
updated_by_last_action true
default_guard_interpreter :default
declared_type :letsencrypt_certificate
cookbook_name "letsencrypt"
recipe_name "http_authorization"
fullchain "/etc/gitlab/ssl/gitlab.***.**.crt"
key "/etc/gitlab/ssl/gitlab.***.**.key"
alt_names []
cn "gitlab.***.**"
end
System Info:
------------
chef_version=13.6.4
platform=centos
platform_version=7.6.1810
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[gitlab.***.**] (letsencrypt::http_authorization line 3) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.***.**] Validation failed for domain gitlab.***.**
Both ports 80 and 443 are forwarded to my server. Could the problem be in being redirected to https for the control part of Let's Encrypt? Therefore I added the nginx line as noted above, but I don’t know.
Thanks!
Marth