Gitlab Runner SSL certificate

I didn’t think the GitLab Runner CI documentation would be so bad.

If you simply follow the docs, you cannot get GitLab Runner CI working. You are hit with an "x509: certificate signed by unknown authority" error, even though GitLab works perfectly fine and I have an SSL certificate configured there.

Why the difference? What are the steps? There is simply no official support, the only topics are for Docker, and I am running a straight CentOS 7 install.

I’ll assume you are using a self-signed certificate. Any Root CA signed certificates should work natively.

If you’re using self-signed, you’ll need to add it to the trusted list on your runner:
For Debian/Ubuntu:
cp my.crt /usr/local/share/ca-certificates/
update-ca-certificates

For FC/RedHat:
Convert your .crt to .pem
openssl x509 -in mycert.crt -out mycert.pem

Then,
cp mycert.pem /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

The link for this information was found here:

Once you get your pem file “installed”, you should then be able to successfully register your runner with your gitlab server.

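The Debian/Ubuntu and Red Hat steps from the reply above, combined into one script. This is an added example, not part of the original posts; the function names are hypothetical, and it assumes `openssl` is installed and `/etc/os-release` exists on the runner host. It also handles a DER-encoded input and the fact that `update-ca-certificates` only reads files ending in `.crt`.

```shell
#!/bin/sh
# Added example: install a self-signed / private CA certificate into the
# system trust store of a GitLab Runner host. Function names are hypothetical.

# Print "PEM" if the file holds a PEM certificate, otherwise "DER".
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
    else
        echo DER
    fi
}

# Map os-release ID / ID_LIKE words to "<anchor dir> <refresh command>".
trust_plan() {
    case " $* " in
        *" debian "*|*" ubuntu "*)
            echo "/usr/local/share/ca-certificates update-ca-certificates" ;;
        *" rhel "*|*" centos "*|*" fedora "*)
            echo "/etc/pki/ca-trust/source/anchors update-ca-trust extract" ;;
        *) return 1 ;;
    esac
}

# Destination file name: update-ca-certificates only reads *.crt files,
# while the Red Hat steps above use a .pem name.
dest_name() {   # $1 = anchor dir, $2 = source file
    base=$(basename "$2"); base=${base%.*}
    case "$1" in
        /usr/local/share/ca-certificates) echo "$base.crt" ;;
        *) echo "$base.pem" ;;
    esac
}

install_ca() (  # run as root; $1 = certificate file
    set -e
    . /etc/os-release
    plan=$(trust_plan "$ID" ${ID_LIKE:-}) || { echo "unsupported distro: $ID" >&2; exit 1; }
    dir=${plan%% *}; refresh=${plan#* }
    # Re-encode to PEM; this fails early if the file is not a certificate.
    openssl x509 -inform "$(cert_format "$1")" -in "$1" \
        -out "$dir/$(dest_name "$dir" "$1")"
    $refresh
)

# Only act when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then install_ca "$1"; fi
```

Run it as root on the runner host with the certificate path as the only argument, then retry the runner registration.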

This happened to me as well with a COMODO CA certificate. I believe this is related to multiple other SSL issues in the GitLab ecosystem where various subprocesses do not correctly utilize SNI; however, the certificate in question in this case is also a Wildcard certificate.