Hello everyone, and thanks for your time.
I am currently setting up an update environment for our current GitLab environment.
One of the functions that is trying to be enabled is SSL, through the ACME protocol, letsencrypt.
Within our LAN, we already have a DNS service already configured, with the record ‘gitlab.dev.primary’ pointing to the update environment; and we also have our own ACME Provider API based on Step-CA solution.
acme_staging_endpoint, have already been configured to point to our ACME provider API.
The problem we are having is that when executing
gitlab-ctl reconfigure, when trying to issue the certificate, the following error appears:
Running handlers: There was an error running gitlab-ctl reconfigure: letsencrypt_certificate[gitlab.dev.primary] (letsencrypt::http_authorization line 6) had an error: Acme::Client::Error::RejectedIdentifier: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: Acme::Client::Error::RejectedIdentifier: Error creating new order :: Cannot issue for "gitlab.dev.primary": Domain name does not end with a valid public suffix (TLD)
Apparently the DNS zone
.primary does not meet the conditions for issuing the certificate; although we have already issued certificates for this zone with our ACME Provider API with other products, such as
Since this is an internal environment, not public; and that I am using my own ACME provider API, shouldn’t it be possible to issue the certificate? is there a way to bypass or disable this validation?
Thank you again for your time and I apologize for my bad English.