Dedicated certificate for Gitlab Page


I am trying to get GitLab Pages for GitLab CE installed on my own server to serve a letsencrypt certificate for that specific page, but still serves the certificate for

Settings in gitlab.rb:

external_url ""

nginx['redirect_http_to_https'] = true
nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES256-GCM-SHA384:…"
nginx['ssl_prefer_server_ciphers'] = "on"
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
nginx['ssl_session_timeout'] = "1d"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem"
nginx['add_header'] = "Strict-Transport-Security max-age=15768000"
nginx['ssl_stapling'] = "on"
nginx['ssl_stapling_verify'] = "on"

pages_external_url ""
gitlab_pages['enable'] = true
pages_nginx['enable'] = true
pages_nginx['redirect_http_to_https'] = true
pages_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
pages_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
pages_nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES256-GCM-SHA384:…"
pages_nginx['ssl_prefer_server_ciphers'] = "on"   
pages_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
pages_nginx['ssl_session_timeout'] = "1d" 
pages_nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem"
pages_nginx['add_header'] = "Strict-Transport-Security max-age=15768000"

Symlinked certificate files:

root@srv:~# ls -la /etc/gitlab/ssl/
dhparam.pem -> /root/letsencrypt/dhparam.pem -> /etc/letsencrypt/live/ -> /etc/letsencrypt/live/ -> /etc/letsencrypt/live/ -> /etc/letsencrypt/live/ -> /etc/letsencrypt/live/ -> /etc/letsencrypt/live/

I symlinked both and as I was not sure which was the way to go, but neither solution seems to work.

Any suggestions what could be the problem?


when those settings are commented, it works as expected:

#pages_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
#pages_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"