Gitlab issue created here. Posting on this forum as well to get quicker support.
I’m having issues when trying to register a Gitlab Runner with a self-signed certificate, and the steps highlighted on this issue did not solve it for me.
When executing this command:
sudo docker run -it --rm \
  -v /srv/gitlab-runner/config.toml:/etc/gitlab-runner/config.toml \
  gitlab/gitlab-runner:alpine \
  register \
  --tls-ca-file=/etc/gitlab-runner/certs/ca-certificates.crt \
  --executor docker \
  --non-interactive \
  --registration-token XXXX \
  --docker-image docker:18-dind \
  --url https://git.XXXX/ \
  --docker-volumes /var/run/docker.sock:/var/run/docker.sock
/etc/gitlab-runner/certs/ca-certificates.crt is present in the docker container.
I get the following error:
ERROR: Registering runner... failed runner=X____G status=couldn't execute POST against https://git.xxx/api/v4/runners: Post https://git.xxx/api/v4/runners: x509: certificate signed by unknown authority
PANIC: Failed to register this runner. Perhaps you are having network problems
curl (from the gitlab runner host, not container) to test the certificate, works:
openssl s_client -CAfile /srv/gitlab-runner/certs/ca-certificates.crt -connect git.xxx:443
/srv/gitlab-runner/certs/ca-certificates.crt is already in PEM format, as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Also tried to export the certificate directly from the browser as a pem file, no luck… same error.
What am I missing, please? Thanks in advance!
Installed openssl in the docker container, and ran:
openssl s_client -connect git.XXX:443
It works! So, that proves that the certificate has been loaded in the OS.
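
Added example, not part of the original post and not GitLab's code: the error text above is the message Go's crypto/x509 verifier returns when nothing in the trust pool chains to the presented certificate. The program below reproduces it with constructed certificates and checks a PEM bundle against a leaf certificate; `newCert`, `checkBundle` and the host name `git.example.test` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a constructed certificate (nil parent means self-signed) and
// also returns it PEM-encoded. Errors are ignored for these throwaway fixtures.
func newCert(cn string, isCA bool, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, pk = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// checkBundle verifies leaf for host while trusting only the certificates in
// bundlePEM (assumption: the client uses the given CA file as its whole root set).
func checkBundle(bundlePEM []byte, leaf *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(bundlePEM) {
		return fmt.Errorf("no PEM certificates found in bundle")
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, caKey, caPEM := newCert("constructed-ca", true, nil, nil)
	_, _, otherPEM := newCert("unrelated-ca", true, nil, nil)
	leaf, _, _ := newCert("git.example.test", false, ca, caKey)
	fmt.Println("unrelated CA bundle:", checkBundle(otherPEM, leaf, "git.example.test"))
	fmt.Println("issuing CA bundle:  ", checkBundle(caPEM, leaf, "git.example.test"))
}
```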