Lets Encrypt certificate doesn't auto-renew

I’ve got the following in my gitlab.rb file:

letsencrypt['enable'] = true                    
external_url "https://gitlab.my-domain.com"       
letsencrypt['contact_emails'] = ['foo@my-domain.com']

...
nginx['custom_gitlab_server_config']="location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"

The certificate fails to autorenew, and I get an email saying that the staging certificate is expiring and I should renew it.

When the command gitlab-ctl renew-le-certificate is run, the certificate renews successfully.

I was wondering where else I can look for clues as to why auto renewal doesn’t work?

The version of Gitlab is used is 13.12.11

Thanks

Hi,

Perhaps you need to configure these settings in gitlab.rb: SSL Configuration | GitLab

Check that these haven’t been disabled, or for example the auto_renew being set to false. You can also set specific dates/time for auto-renewal which might also help since by default it will attempt to do it every 4 days. A default certbot install outside of Gitlab would do it every 12 hours via cron. So you can configure Gitlab to do it similar to this and make it more frequent.

1 Like