Error when registering a runner with self-signed certificate

GitLab issue created here. Posting on this forum as well to get quicker support.


I’m having issues when trying to register a GitLab Runner with a self-signed certificate, and the steps highlighted on this issue did not solve it for me.

When executing this command:

sudo docker run -it --rm \
  -v /srv/gitlab-runner/config.toml:/etc/gitlab-runner/config.toml \
  gitlab/gitlab-runner:alpine \
    register \
    --tls-ca-file=/etc/gitlab-runner/certs/ca-certificates.crt \
    --executor docker \
    --non-interactive \
    --registration-token XXXX \
    --docker-image docker:18-dind \
    --url https://git.XXXX/ \
    --docker-volumes /var/run/docker.sock:/var/run/docker.sock

  • /etc/gitlab-runner/certs/ca-certificates.crt is present in the Docker container.

I get the following error:

ERROR: Registering runner... failed                 runner=X____G status=couldn't execute POST against https://git.xxx/api/v4/runners: Post https://git.xxx/api/v4/runners: x509: certificate signed by unknown authority
PANIC: Failed to register this runner. Perhaps you are having network problems

Using curl (from the GitLab Runner host, not the container) to test the certificate works:

openssl s_client -CAfile /srv/gitlab-runner/certs/ca-certificates.crt -connect git.xxx:443

The file /srv/gitlab-runner/certs/ca-certificates.crt is already in PEM format, as follows:

  -----BEGIN CERTIFICATE-----
...
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
...
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
...
  -----END CERTIFICATE-----

I also tried exporting the certificate directly from the browser as a PEM file; no luck… same error.

What am I missing, please? Thanks in advance!

Edit:

Installed openssl in the Docker container, and ran:

openssl s_client -connect git.XXX:443

It works! So, that proves that the certificate has been loaded in the OS.

Okay… so apparently connecting to the Docker container with

sudo docker exec -it gitlab-runner /bin/bash

and running gitlab-runner register directly there worked! Go figure?