I have upgraded my gitlab version CE from 12.6 to 15.6 and I was trying to mirror repositories from new version 15.6 to old one 12.6 which was causing errors.
13:get remote references: create git ls-remote: exit status 128, stderr: “fatal: unable to access ‘https://xxxxx/’: SSL certificate problem: unable to get local issuer certificate\n”.
Can someone help on it.
What SSL certs are you using? A good test would be:
curl https://old-server
and see if it has a self-signed or expired certificate. Check the same for the new server as well.
Hi Walker,
Certificates applied on both servers are Go Daddy Secure Certificate Authority - G2 CA certified and expires on Sep 2024.
curl https://XXXXXXXXX/
curl: (60) Peer’s Certificate issuer is not recognized.
More details here: curl - SSL CA Certificates
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
So it looks like the certificate files haven’t been configured properly on the servers. Curl shouldn’t give errors like that - usually that happens when either self-signed or not deployed correctly.
Usually, you should create a certificate file in /etc/gitlab/ssl directory with the full name of your server, for example gitlab.example.com.crt and gitlab.example.com.key - most likely you have this already. However, the crt file should be a bundle which contains the certificate you purchased, CA certificate and an intermediate certificate. They are applied in that order, so:
CERT
CA CERT
INTERMEDIATE CERT
each of these will have lines that say BEGIN and END, and these also need to be in the file gitlab.example.com.crt. Once you have done this on both servers, you problem should disappear.
Thankyou Walker, issue got solved as you suggested.