Gitlab.com Pages and automated Letsencrypt SSL renewal

TLDR; Is there a (proper) way to set up a Letsencrypt SSL certificate for a Gitlab.com Pages website with a custom domain with automatic renewal of the certificate?

I’m trying to reduce the amount of servers that I administrate, which is why I’ve recently moved from a privately hosted Gitlab CE instance, to Gitlab.com. Another things I would like to move are my static web pages, which are currently hosted on another VPS.

So, I set up a Pages website for my website repository and that works great. However, before migrating to my custom domain, I would like to be able to set up SSL with Letsencrypt. That should work fine, except for automatic renewal. So far I haven’t found a way to set up automatic renewal of the SSL certificate and have it set up on my Pages website.

Has anyone been able to do this? Perhaps through Gitlab CI? What was the approach that you took?

1 Like

I’m interested in this too. It seems really awkward and error-prone to manually renew keys every 3 months. With all the other great features in gitlab to automate software production including website maintenance, it would be nice to see gitlab enhanced in this way.

I wonder if one can write a build script that does what is needed.

One can imagine a non-interactive version of certbot certonly -a manual -d your.domain.org that runs under a build script. Upon delivery of working fullchain.pem and privkey.pem, then, what would it take to install these programmatically in gitlab server? I’m doing this manually by cut-and-paste (another opportunity for mistakes) but one can imagine there’s an underlying shell command doing the work.

Has this been covered elsewhere? Given the big shift to TLS for improved customer privacy and security, I was hoping this issue could be escalated.

Stephen North graphviz project

hello out there?

This is already old news, but have you seen the Let’s Encrypt GitLab integration?

https://docs.gitlab.com/ee/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.html