Hi Guys,
Ive configured GitLab to work with SSL certificate signed by StartSSL. TLSV1. by this manual
Website working fine with HTTPS and fetch working ok.
The issue start when i try to use push command.
when i try to use push i get this error:
git push
Writing objects: 100% (3/3), 237 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:128:in add_file': system lib (OpenSSL::X509::StoreError)** remote: from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:128:in cert_store’
remote: from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:70:in http_client_for' remote: from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:95:in request’
remote: from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:119:in post' remote: from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:31:in check_access’
remote: from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_access.rb:23:in exec' remote: from hooks/pre-receive:17:in ’
To https://gitlab./vitaly/dummy.git
! [remote rejected] master → master (pre-receive hook declined)
error: failed to push some refs to 'https://gitlab./vitaly/dummy.git’
any thoughts?
looks like ssl certification failure.
are you done this step if you use slef signed cret?
In the config.yml of gitlab-shell set self_signed_cert to true
if not this case, there’v another bad way, just modify gitlab-shell/hooks/pre-receive, change code exit 1 to exit 0 to pass validata
Hello. How setup https for git-shell with certificate from godaddy. I have 3 files (for other servers):
mydomain.key, d281a51f47fbb17d.crt, gd_bundle-g2-g1.crt. How I must modify those certs and configure /home/git/gitlab-shell/config.yml for resolve:
Administrator / test1 ... repository is empty
test1 / Test1Project1 ... repository is empty
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: /home/git/gitlab-shell/lib/gitlab_net.rb:128:in `add_file': system lib (OpenSSL::X509::StoreError)
from /home/git/gitlab-shell/lib/gitlab_net.rb:128:in `cert_store'
from /home/git/gitlab-shell/lib/gitlab_net.rb:70:in `http_client_for'
from /home/git/gitlab-shell/lib/gitlab_net.rb:95:in `request'
from /home/git/gitlab-shell/lib/gitlab_net.rb:115:in `get'
from /home/git/gitlab-shell/lib/gitlab_net.rb:52:in `check'
from /home/git/gitlab-shell/bin/check:12:in `<main>'
gitlab-shell self-check failed
Try fixing it:
Make sure GitLab is running;
Check the gitlab-shell configuration file:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
Please fix the error above and rerun the checks.
I don’t know how right insert my certs to config. All manuals describe how setup gitlab with pem keys
Now /home/git/gitlab-shell/config.yml:
---
user: git
gitlab_url: https://repository.mydomain.com/
http_settings:
ca_file: /etc/ssl/private/mydomain.com.chained.crt # cat d281a51f47fbb17d.crt gd_bundle-g2-g1.crt > d281a51f47fbb17d.crt, gd_bundle-g2-g1.crt
ca_path: /etc/ssl/private/
self_signed_cert: true
repos_path: "/home/git/repositories/"
auth_file: "/home/git/.ssh/authorized_keys"
redis:
bin: "/usr/bin/redis-cli"
namespace: resque:gitlab
socket: "/var/run/redis/redis.sock"
#log_level: INFO
log_level: DEBUG
audit_usernames: false
I faced the same problem and I resolved it in the following easy way:
- run
ruby -ropenssl -e 'puts OpenSSL::X509::DEFAULT_CERT_FILE' - this will show you default OpenSSL certs path. In my case it is /usr/lib/ssl/cert.pem
- go to the directory above and put an appropriate PEM file with trusted root CA certificates (you can grab it from http://curl.haxx.se/docs/caextract.html)
- Do
sudo -u git -H editor /home/git/gitlab-shell/config.yml and comment out ca_file and ca_path lines, make sure that self_signed_cert: false
-
sudo service gitlab restart, then check it via sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production - everything should be fine.