GitLab CI/CD Runner Registration - tls: failed to verify certificate: x509: certificate signed by unknown authority

GitLab CI/CD Runner Registration Certification / Verification Issue

Hi all,

I am looking to get started with CI/CD with GitLab for the first time. I am using a newly built server running Debian 12, although this issue is reproducible in my Ubuntu 22.04 WSL instance as well. I can successfully register a runner on my Windows 10 machine ONLY. I have installed gitlab by following this tutorial: Download and install GitLab | GitLab

I have installed git as well and the version returns 2.39.2.

I have also installed gitlab-runner through this tutorial: Install GitLab Runner manually on GNU/Linux | GitLab and can issue gitlab-runner --version to see I’m running Version 16.10.0.

I am now at the point of trying to register my runner, which is where I’m having issues. I am following this guide: Registering runners | GitLab

I navigate to the Git project’s CI/CD page, and expand the runners section:

I issue the register command: sudo gitlab-runner register and input the URL and token as the prompts request. I am then met with this error:

    WARNING: Support for registration tokens and runner parameters in the ‘register’ command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see Migrating to the new runner registration workflow | GitLab
    ERROR: Registering runner… failed runner=3_v32jUR status=couldn’t execute POST against <url_from_screenshot>api/v4/runners: Post “<url_from_screenshot>api/v4/runners”: tls: failed to verify certificate: x509: certificate signed by unknown authority
    PANIC: Failed to register the runner.

As I mentioned at the top of the post, I am able to register a runner on my Windows machine, and don’t receive the warning, so I pay it no mind.

I believe the error to be related to permissions / security, though I can pull / push from and to this repo without problems. I had seen posts online about “ca.crt” or something of the sort, but I do not seem to have a “certs” directory in my gitlab-runner install folder. Nor do I have any authentication token in my gitlab-runner config.toml.

I have also ensured the latest ca-certificates is installed: apt update && apt install -y ca-certificates

Thanks in advance

Hi all,

I have figured out the solution:

  1. Use openssl command to fetch the certificate directly from the GitLab server and save it to a file:

    openssl s_client -showcerts -connect <git_url>:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > gitlab.crt
    
  2. View the received certificate (this returns a big blob of data):

    openssl x509 -in gitlab.crt -text -noout
    
  3. Add GitLab Server Certificate to Trusted Certificates:

    sudo mkdir -p /usr/local/share/ca-certificates/
    sudo cp gitlab.crt /usr/local/share/ca-certificates/
    sudo update-ca-certificates
    
  4. Retry GitLab Runner Registration:

    sudo gitlab-runner register
    
  5. Follow through with the prompts and now I don’t receive the tls error:

    Runtime platform arch=amd64 os=linux pid=7215 revision=81ab07f6 version=16.10.0
    Running in system-mode.
    Enter the GitLab instance URL (for example, https://gitlab.com/):
    <url_from_screenshot>
    Enter the registration token:
    <token_from_screenshot>
    Enter a description for the runner:
    <machine_hostname>: Test description
    Enter tags for the runner (comma-separated):
    test_tag
    Enter optional maintenance note for the runner:
    Test maintenance note
    WARNING: Support for registration tokens and runner parameters in the ‘register’ command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see Migrating to the new runner registration workflow | GitLab
    Registering runner… succeeded runner=<runner_id>
    Enter an executor: kubernetes, custom, parallels, virtualbox, docker, docker-autoscaler, instance, shell, ssh, docker-windows, docker+machine:
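
Step 1 above fetches the certificate over the same connection that failed verification, so the saved file is worth comparing against a fingerprint obtained independently (for example, from the certificate file on the GitLab server itself) before step 3 trusts it system-wide. The following is an added example, not part of the original post; the function names and the optional destination-directory argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the runner host after
# step 1 has produced gitlab.crt and before step 3 installs it.

# Print a certificate's SHA-256 fingerprint as upper-case hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed if subject and issuer are identical (a self-issued certificate).
cert_is_self_issued() (
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
)

# Copy CERT into DEST_DIR only if its fingerprint equals EXPECTED, the value
# obtained out of band. Colons and letter case in EXPECTED are ignored.
# Exit status: 0 copied, 1 fingerprint mismatch, 3 expired or expiring soon.
trust_if_pinned() (
    cert=$1
    expected=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    dest_dir=${3:-/usr/local/share/ca-certificates}
    actual=$(cert_fingerprint "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got '$actual'" >&2
        exit 1
    fi
    # Refuse certificates that expire within the next 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null || exit 3
    mkdir -p "$dest_dir" && cp "$cert" "$dest_dir/"
)

# Stand-alone use: sh <this script> gitlab.crt EXPECTED_FINGERPRINT [DEST_DIR]
if [ "$#" -ge 2 ]; then
    trust_if_pinned "$@"
fi
```

With the default destination directory the script has to run under sudo, and `sudo update-ca-certificates` from step 3 is still needed afterwards.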