Issue Installing SSL Cert


#1

Hi. I am having an issue getting our SSL cert to work on our internal gitlab server. When browsing to the site after installing the cert I get an invalid cert for this reason:

“This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.”

Obviously I’ve tried importing the root certificates to /usr/local/share/ca-certificates/ and then run update-ca-certificates

Still the same errors persists.

We are running Ubuntu 18.04.

Where is the certificate chain supposed to be imported?

I have concatenated the bundle with the original cert and saved that as a .crt and then place that file in /etc/gitlab/trusted-certs/ and then run gitlab-ctl reconfigure

Can anyone explain why I get am getting this cert error? What am I doing wrong? The cert was issued by Sectigo.

Also when viewing the cert from the browser it does not contain the right information. The issued by field contains the name of the server. Looking at the original cert that was sent to me it is issued by sectigo.


#2

I was able to resolve this by forcing the server to redirect http to https. After that the nginx service would not start. I then ran this command:

sudo gitlab-ctl tail nginx

Which showed me that there was an error with /etc/gitlab/ssl/my.domain.com.key

I then copied the key I used to generate the CSR and ran a gitlan-ctl reconfigure and everything is working like a charm now. Not sure what private key I had in the ssl directory but it was not the one I used to generate the CSR with openssl. I hope this helps someone along the way!