After having upgraded on-premise Gitlab from 14.3.* to 14.5, when trying to use AD (LDAP) authentication, the below error started to display:
gitlab Could not authenticate you from Ldapmain because “Ssl connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)”
Before that happened, I updated Letsencrypt certificate of the related AD (LDAP) server like this:
cp -pf path-to-Letsencrypt-root-certificate.pem /etc/gitlab/trusted-certs/ad.pem cat path-to-AD-domain-certificate.pem >> /etc/gitlab/trusted-certs/ad.pem gitlab-cli reconfigure
Everything worked fine, until the update to 14.5. Do I have to store the trusted certificates somewhere else from now on?
As a “quick and dirty solution”, I disabled certificates verification for LDAP, but this is not what I actually need.