I’m setting up my own instance of GitLab CE at home using version gitlab-ce-12.8.7-ce.0.el7.x86_64. Once confident that I understand it well enough and have things sufficiently locked down, I’ll clone it onto some cloud

I’m having trouble getting the letsencrypt component to successfully complete in this NAT scenario (which I’m sure others have tried).
Here is my error, followed by the setup actions I performed:
```
user$ sudo gitlab-ctl reconfigure
Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[gitlab.example.com] (letsencrypt::http_authorization line 5) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for gitlab.example.com] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.example.com] Validation failed, unable to request certificate
```
My Entries in
```
user$ sudo egrep "letsencrypt|external_url '" /etc/gitlab/gitlab.rb
external_url 'https://gitlab.example.com'
registry_external_url 'https://registry.gitlab.example.com'
mattermost_external_url 'https://mattermost.gitlab.example.com'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['firstname.lastname@example.org', 'email@example.com']
letsencrypt['group'] = 'root'
letsencrypt['key_size'] = 2048
letsencrypt['owner'] = 'root'
letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = 0
letsencrypt['auto_renew_minute'] = nil
letsencrypt['auto_renew_day_of_month'] = "*/4"
```
DNS and Port-Forwarding Setup:
I also have DNS A-Records for each of the three relevant domains above; all of which point to my ISP static IP address:
```
gitlab.example.com            --> My-ISP-Static-IP-Address
registry.gitlab.example.com   --> My-ISP-Static-IP-Address
mattermost.gitlab.example.com --> My-ISP-Static-IP-Address
```
And finally, I have my WAN router port-forwarding requests to port 443 from that static ISP IP-Address to the IP-Address of my home GitLab server (which, just for completeness, is 192.168.0.10 and with hostname vps10). FYI: The hostname of that home GitLab server is not gitlab.example.com; it is simply vps10, because it performs functions besides hosting GitLab. I don’t think it needs to be the same.
I’m a GitLab newbie and (while technical) I don’t understand the error message, or the error log messages. Can friends here help with what I might have missed?
Thank you in advance!
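
An added example (not part of the original post and not GitLab's own tooling): a preflight check for the HTTP-01 validation that the `letsencrypt::http_authorization` step performs. The validator starts every check over plain HTTP on port 80, so each hostname taken from an `external_url` setting has to be reachable there from the Internet. The function names, the embedded sample config and the forwarded-ports argument are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample mirroring the external_url entries quoted in the post.
sample_config() {
cat <<'EOF'
external_url 'https://gitlab.example.com'
registry_external_url 'https://registry.gitlab.example.com'
mattermost_external_url 'https://mattermost.gitlab.example.com'
# pages_external_url 'https://pages.example.com'
letsencrypt['enable'] = true
EOF
}

# Print one hostname per uncommented *external_url line (files as args, or stdin).
le_hostnames() {
  sed -n -E "s#^[[:space:]]*[a-z_]*external_url[[:space:]]+['\"]https?://([^/:'\"]+).*#\1#p" "$@"
}

# URL an HTTP-01 validator requests first: plain HTTP, port 80, fixed path.
challenge_url() {
  printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "${2:-preflight-token}"
}

# Given the space-separated ports the router forwards, print those still missing.
missing_ports() {
  missing=""
  for need in 80 443; do
    case " $1 " in
      *" $need "*) ;;
      *) missing="$missing $need" ;;
    esac
  done
  printf '%s\n' "${missing# }"
}

# Live probe; run it from outside the LAN. "000" means nothing answered on port 80,
# any HTTP status (404 for an unknown token is fine) means a web server was reached.
probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code}\n' "$(challenge_url "$1")"
}

# usage: preflight "FORWARDED PORTS" [/etc/gitlab/gitlab.rb]
preflight() {
  ports=$1; shift
  le_hostnames "$@" | while read -r host; do
    printf '%s must answer %s\n' "$host" "$(challenge_url "$host")"
  done
  miss=$(missing_ports "$ports")
  [ -z "$miss" ] || { printf 'router does not forward: %s\n' "$miss"; return 1; }
}
```

After sourcing the file on the GitLab host, `preflight "443" /etc/gitlab/gitlab.rb` lists the URLs that must be reachable and exits non-zero while port 80 is not forwarded; `probe gitlab.example.com` gives a meaningful result only when run from a machine outside the home network.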