Let's Encrypt certificate doesn't auto-renew

I’ve got the following in my gitlab.rb file:

letsencrypt['enable'] = true                    
external_url "https://gitlab.my-domain.com"       
letsencrypt['contact_emails'] = ['foo@my-domain.com']

...
nginx['custom_gitlab_server_config']="location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"

The certificate fails to autorenew, and I get an email saying that the staging certificate is expiring and I should renew it.

When the command gitlab-ctl renew-le-certificate is run, the certificate renews successfully.

I was wondering where else I can look for clues as to why auto renewal doesn’t work?

The version of GitLab used is 13.12.11

Thanks

Hi,

Perhaps you need to configure these settings in gitlab.rb: SSL Configuration | GitLab

Check that these haven’t been disabled, or for example the auto_renew being set to false. You can also set specific dates/time for auto-renewal which might also help since by default it will attempt to do it every 4 days. A default certbot install outside of Gitlab would do it every 12 hours via cron. So you can configure Gitlab to do it similar to this and make it more frequent.

3 Likes

GitLab runs its own crond to run /opt/gitlab/bin/gitlab-ctl renew-le-certs.

Check:

  1. Check that /var/opt/gitlab/crond/letsencrypt-renew exists.
  2. Log files in /var/log/gitlab/crond.

Note that if your machine isn’t up when the cron job is scheduled, the renew won’t happen.
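
The checks suggested in the replies above, collected into one shell function as an added example (not code from the thread or from GitLab). It assumes the standard Omnibus config path /etc/gitlab/gitlab.rb; the function name and its optional root-prefix argument are hypothetical, the prefix being there only so the checks can be pointed at a copy of the files.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of GitLab. The crond paths are the ones
# named in the thread; /etc/gitlab/gitlab.rb is assumed (standard Omnibus path).
# $1 is a hypothetical root prefix; leave it empty on the GitLab host itself.

# Prints one finding per line; returns 0 if nothing blocks auto-renewal.
check_le_autorenew() {
    root="${1:-}"
    conf="$root/etc/gitlab/gitlab.rb"
    cron="$root/var/opt/gitlab/crond/letsencrypt-renew"
    logs="$root/var/log/gitlab/crond"
    problems=0

    # 1. An uncommented auto_renew = false switches the scheduled renewal off.
    if grep -Eq "^[[:space:]]*letsencrypt\['auto_renew'\][[:space:]]*=[[:space:]]*false" "$conf" 2>/dev/null; then
        echo "FAIL: letsencrypt['auto_renew'] is false in $conf"
        problems=$((problems + 1))
    fi

    # 2. The cron fragment must exist and call renew-le-certs.
    if [ ! -f "$cron" ]; then
        echo "FAIL: $cron is missing"
        problems=$((problems + 1))
    elif ! grep -v '^[[:space:]]*#' "$cron" | grep -q 'renew-le-certs'; then
        echo "FAIL: $cron does not call renew-le-certs"
        problems=$((problems + 1))
    else
        # Show the schedule so it can be compared with the machine's uptime.
        echo "OK: schedule: $(grep -v '^[[:space:]]*#' "$cron" | grep 'renew-le-certs' | head -n 1)"
    fi

    # 3. An absent or empty log directory means crond has never logged a run.
    if [ -z "$(ls -A "$logs" 2>/dev/null)" ]; then
        echo "FAIL: no crond logs under $logs"
        problems=$((problems + 1))
    else
        echo "OK: crond logs present under $logs"
    fi

    [ "$problems" -eq 0 ]
}
```

On the GitLab host, source the file and call check_le_autorenew with no argument; a non-zero return status means at least one FAIL line was printed.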