I am running CE version 13.5.4. I have lets encrypt enabled on my config file. Lets encrypt was working correctly until about 6-8 months ago, but did not realize it until today. I do know that my public IP changed around that time, but I did update my A record to point to the new IP. I dont think that is the issue, but that is the only network change that has been done since. When I attempted to manually renew it I am getting the following error message.
Error executing action run
on resource ‘ruby_block[create certificate for gitlab.mydomain.com]’
Does gitlab store my old IP anywhere?
Any idea on how to fix this issue?
From your server ping gitlab.mydomain.com or check to see it resolves correctly.
Hello,
Yes I am able to ping the server. I am able to connect to it via a browser and ssh without any issues using the FQDN. On my laptop I have the site as trusted so I never noticed the cert expired until yesterday when I attempted to clone a repo to a new machine.
And the server is also publicly available outside of your office? Check that you can access it from home without using vpn etc since for letsencrypt to renew the server must be accessible on http port 80. Check https port 443 is also publicly available.
YES I am able to access it publicly without any issues. I do get the cert error, but it lets me connect to it.
Thanks,
Strange as if publicly available cert should renew. Try:
gitlab-ctl reconfigure
I am getting the following error:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[gitlab.mydomain.com] (letsencrypt::http_authorization line 5) had an error: RuntimeError: acme_certificate[production] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 46) had an error: RuntimeError: ruby_block[create certificate for gitlab.mydomain.com] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.mydomain.com] Validation failed, unable to request certificate
So the problem seems to be letsencrypt is unable to connect to your server for verifying the certificate. If port 80 is not blocked and goes to the gitlab server, then perhaps something is unique with your installation or server environment which is stopping this from happening. This could be anything. I’ve seen issues, when people attempt to run Gitlab on a server with other applications running such as Apache or Nginx, so they don’t use the bundled Nginx with Gitlab, so could be an Nginx issue being misconfigured. Or that your ports 80/443 are being proxied via another server for example.
But without knowing your install, cannot say for sure. You’ll have to check, because obviously something is wrong with your configuration/setup/environment because otherwise it would just work. Maybe your public IP is not direct to your Gitlab server, and something in between is messing it all up. Or perhaps you are redirecting port 80 to 443 automatically somewhere before your Gitlab server, which will cause LetsEncrypt to fail because it needs to use port 80 direct on the Gitlab server.
Just some thoughts for you to start debugging and fixing the problem that you have.
Got it working. Although my server does have a public IP, I only had exposed 443/22 NOT 80. I thought 80 was not needed. I opened up 80 and now it is working.
Yes in two of my above posts I mentioned that http port 80 has to be open. So finally we got there.