Hello Friends:
I’m setting up my own instance of GitLab CE at home using version gitlab-ce-12.8.7-ce.0.el7.x86_64. Once confident that I understand it well enough and have things sufficiently locked down, I’ll clone it onto some cloud vps provider.
I’m having trouble getting the letsencrypt component to successfully complete in this NAT scenario (which I’m sure others have tried).
Here is my error, followed by the setup actions I performed:
user$ sudo gitlab-ctl reconfigure
Error:
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[gitlab.example.com]
(letsencrypt::http_authorization line 5) had an error:
RuntimeError: acme_certificate[staging]
(/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/
resources/certificate.rb line 25) had an error:
RuntimeError: ruby_block[create certificate for gitlab.example.com]
(/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/
certificate.rb line 108) had an error: RuntimeError:
[gitlab.example.com] Validation failed, unable to request certificate
My Entries in /etc/gitlab/gitlab.rb:
user$ sudo egrep "letsencrypt|external_url '" /etc/gitlab/gitlab.rb
external_url 'https://gitlab.example.com'
registry_external_url 'https://registry.gitlab.example.com'
mattermost_external_url 'https://mattermost.gitlab.example.com'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['joe@gitlab.example.com', 'jane@gitlab.example.com']
letsencrypt['group'] = 'root'
letsencrypt['key_size'] = 2048
letsencrypt['owner'] = 'root'
letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = 0
letsencrypt['auto_renew_minute'] = nil
letsencrypt['auto_renew_day_of_month'] = "*/4"
DNS and Port-Forwarding Setup:
I also have DNS A-Records for each of the three relevant domains above; all of which point to my ISP static IP address:
gitlab.example.com --> My-ISP-Static-IP-Address
registry.gitlab.example.com --> My-ISP-Static-IP-Address
mattermost.gitlab.example.com --> My-ISP-Static-IP-Address
And finally, I have my WAN router port-forwarding requests to port 80 and 443 from that static ISP IP-Address to the IP-Address of my home GitLab server (which, just for completeness, is 192.168.0.10 and with hostname vps10). FYI: The hostname of that home GitLab server is not gitlab.example.com; it is simply vps10, because it performs functions besides hosting GitLab. I don’t think it needs to be the same.
I’m a GitLab newbie and (while technical) I don’t understand the error message, or the error log messages. Can friends here help with what I might have missed?
Thank you in advance!
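An added preflight sketch for the setup described above; it is not part of the original post and not GitLab's own code. It assumes the "Validation failed" error comes from an ACME HTTP-01 check, which fetches a token over plain HTTP on port 80 for every hostname on the certificate. The function names, the script name preflight.rb and the probe file name are hypothetical.

```ruby
require 'uri'
require 'resolv'
require 'net/http'

# Hostnames from every uncommented *external_url line of a gitlab.rb text.
def cert_hostnames(config_text)
  config_text.each_line.filter_map { |line|
    m = line.match(/^\s*(?:\w+_)?external_url\s+['"]([^'"]+)['"]/)
    m && URI.parse(m[1]).host
  }.uniq
end

# HTTP-01 (RFC 8555) always starts at this path over plain HTTP on port 80.
def challenge_url(host, token)
  "http://#{host}/.well-known/acme-challenge/#{token}"
end

# Classify each host's DNS answer against the expected public IPv4 address.
# The resolver is injectable so the logic can be exercised without a network.
def dns_report(hosts, public_ip, resolver: ->(h) { Resolv.getaddresses(h) })
  hosts.to_h do |host|
    addrs = resolver.call(host).uniq
    status =
      if addrs.empty? then :no_record
      elsif addrs.any? { |a| a.include?(':') } then :has_ipv6 # AAAA must reach the server too
      elsif addrs == [public_ip] then :ok
      else :wrong_address
      end
    [host, status]
  end
end

# Fetch a probe file placed under <wwwroot>/.well-known/acme-challenge/.
# True only on a direct 200 with the same body. Without NAT loopback on the
# router this fails from inside the LAN, so run it from an outside host.
def probe_ok?(host, token, expected_body)
  res = Net::HTTP.get_response(URI(challenge_url(host, token)))
  res.is_a?(Net::HTTPOK) && res.body.strip == expected_body
rescue StandardError
  false
end

# Live run: ruby preflight.rb /etc/gitlab/gitlab.rb <public-ip>
if ARGV.size == 2
  hosts = cert_hostnames(File.read(ARGV[0]))
  dns_report(hosts, ARGV[1]).each { |h, s| puts "#{h}: #{s}" }
  hosts.each { |h| puts "probe from outside: #{challenge_url(h, 'probe.txt')}" }
end
```

Every hostname it lists has to pass both the DNS check and the port-80 probe, since one failing name is enough to fail the certificate request.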