Connection reset by peer in connection to gitlab.EXPUNGED.com:443

Problem to solve

When attempting to connect to my self-hosted GitLab instance via my domain set in gitlab.rb I am given a Connection Reset message
This started happening after an upgrade to the latest version however it was running smoothly but after a few days of usage this error has started to occur.
My NGINX is listening on both 443 & 80.

Configuration

My /etc/gitlab/gitlab.rb

external_url 'https://gitlab.EXPUNGED.com'
mattermost_external_url 'https://mm.EXPUNGED.com'
mattermost['enable'] = true
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "EXPUNGED"
mattermost['gitlab_secret'] = "EXPUNGED"
mattermost['gitlab_scope'] = "read_user"
mattermost['gitlab_auth_endpoint'] = "https://gitlab.EXPUNGED.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "https://gitlab.EXPUNGED.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "https://gitlab.EXPUNGED.com/api/v4/user"
mattermost_nginx['enable'] = true
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['adam@EXPUNGED.com'] # This should be an array of email addresses to add as contacts
letsencrypt['auto_renew'] = true

Versions

Self-managed 16.7.7-ee


GitLab information
Version:        16.7.7-ee
Revision:       8d2bc7e01af
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     13.13
URL:            https://gitlab.EXPUNGED.com
HTTP Clone URL: https://gitlab.EXPUNGED.com/some-group/some-project.git
SSH Clone URL:  git@gitlab.EXPUNGED.com:some-group/some-project.git
Elasticsearch:  no
Geo:            no
Using LDAP:     no
Using Omniauth: yes
Omniauth Providers:
  1. Does the problem occur in different browsers?
  2. Is there are firewall put in place, and were there any policy changes that correlate to the first error occurance?
  3. Was the operating system updated too, when GitLab was updated?
  4. Anything in the logs at the time the error occurs? (GitLab log, syslog, firewall)

You can also test connection attempts on the CLI.

curl https://gitlab.EXPUNGED.com 
sslscan https://gitlab.EXPUNGED.com 

while true; do curl https://gitlab.EXPUNGED.com && sleep 1; done

Thank you for your reply.

  1. Yes, when using Opera GX, Chrome (Desktop) & Chrome (Android) the same error occurs.
  2. UFW is enabled but does not restrict connections from port 80 or 443. No policy changes were made.
  3. No.
  4. In my Gitlab Logs, I get this error.
cat /var/log/gitlab/gitlab-rails/production.log
Raven 3.1.2 configured not to capture errors: DSN not set

When attempting to test the connection to https

curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to gitlab.EXPUNGED.com:443

Also apologies for the late reply, my provider’s infrastructure completely prevented any inbound & outbound connections but it’s been resolved.

1 Like

No worries, glad you came back and provided a solution for everyone following along.

My problem with GitLab was not resolved, my providers unexpected downtime was resolved.

Thanks for the comment.

In order to solve my problem I just completely removed all my SSL certs, and re-make them with Lets-Encrypt.

  1. Completely removing the SSL certificates.
rm -r /etc/gitlab/ssl/*

If you want to removed separate SSL certificates use

ls /etc/gitlab/ssl

rm /etc/gitlab/ssl/<HOSTNAME FILE>
  1. Use gitlab-ctl reconfigure to have Let’s Encrypt create new ones for you.
gitlab-ctl reconfigure

If it has an error with failing to connect to a URL with acme-staging-v02, you will have to stop the Nginx or Apache then run the reconfigure command again.

gitlab-ctl reconfigure
  1. profit, it started working.