Docker Nginx and Gitlab 12.4.2 SSL Certificate Error

Hello, I have transferred the GitLab 12.4.2 source code to the Docker version 12.4.2 in the internal company network.

All runs fine, but I cannot create the SSL certificates.

The URL in gitlab.rb begins with https://

I also have an internet connection.

But when I try to run docker exec gitlab gitlab-ctl reconfigure

The error occurs:

letsencrypt_certificate[gitlab-testtest.XXXX.local] (letsencrypt::http_authorization line 5) had an error: Faraday::ConnectionFailed: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Faraday::ConnectionFailed: execution expired

The nginx is also used by other websites, and the config looks like this:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    #include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        server_name openproject.xxxx.local;
        return 301 $scheme://central.xxx.local:8080;
    }
    server {
        server_name central.xxxx.local;
        return 301 $scheme://central.xxxxx.local:9000$request_uri;
    }
    server {
        listen 80;
        server_name gitlab-testtest.xxxx.local;
        return 301 $scheme://central.xxxxx.local:1080$request_uri;
    }
    server {
        listen 443 ssl;
        server_name gitlab-testtest.xxxxxx.local;
        ssl_certificate /etc/nginx/ssl/central.xxxxx.local.crt;
        ssl_certificate_key /etc/nginx/ssl/central.xxxxx.local.key;
        return 301 $scheme://central.xxxx.local:1443$request_uri;
    }
    server {
        listen 80;
        server_name tesnipe.xxxx.local;
        return 301 $scheme://central.xxxxx.local:6081$request_uri;
    }
    server {
        listen 80;
        server_name tewiki.xxxxx.local;
        return 301 $scheme://central.xxxxx.local:6080$request_uri;
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}

Now I have five questions:

  1. Why does this error occur?

  2. Is it possible, and how, to redirect https to http so that no SSL certificate is used? Because I have to use an https URL? And why is GitLab always redirected to https when there is no setting set in the gitlab.rb?

  3. What is the reason for the trusted cert folder and how can I certs for this in the company network?

  4. How can I create a self cert with Docker?

  5. Is it necessary to use https in an internal company network?

Thank you in advance

Rocky