Let's Encrypt configuration fail

Hello all

I’m trying to configure my local gitlab-ce server with an SSL certificate from Let’s Encrypt on RHEL 8.

I first did this to set the hostname of my server to be like the external URL defined in gitlab.rb

sudo hostnamectl set-hostname gitlab.example.com --static

And then I made these changes to the gitlab.rb file

external_url 'https://gitlab.example.com'

letsencrypt['enable'] = true

letsencrypt['contact_emails'] = ['admin@example.com']

letsencrypt['auto_renew'] = true

letsencrypt['auto_renew_hour'] = 3

letsencrypt['auto_renew_day_of_month'] = "*/7"

nginx['enable'] = true

nginx['client_max_body_size'] = '250m'

nginx['redirect_http_to_https'] = true

nginx['redirect_http_to_https_port'] = 80

And then I ran

sudo gitlab-ctl reconfigure

I keep getting this error message

Error executing action `create` on resource 'letsencrypt_certificate[gitlab.example.com]'
================================================================================

RuntimeError
------------
acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for gitlab.example.com] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.example.com] Validation failed, unable to request certificate, unable to request certificate

PS: I changed example to another name when doing the configuration!

I’ve tried many fixes I found on forums, but none of them worked for me.

So I would really appreciate any help I can get.

Hi,

Does your DNS work externally? Is it possible to connect to your server externally when using DNS entries? If not, then this will not work because LetsEncrypt needs to be able to connect back to your server to verify it does actually exist to then activate the certificates.

Once DNS is resolving internally as well as externally, and access to your server via HTTP/HTTPS is also accessible externally, then LetsEncrypt will work fine, but until this is done, it won’t be possible. Either that, or there is some other problem with your configuration but provided I did the above with my install, it works every single time.
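Added example, not part of the thread and not GitLab's own tooling: a pre-flight check for the condition described in the reply above, meant to be run on the GitLab host before `gitlab-ctl reconfigure`. It assumes validation happens over HTTP on port 80; the function names (`resolve`, `classify`, `port_open`, `preflight`) are hypothetical.

```python
import ipaddress
import socket
import sys


def resolve(hostname):
    """Addresses this host's resolver returns (may come from /etc/hosts)."""
    infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(addresses):
    """Split addresses into publicly routable ones and everything else."""
    public, internal = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        (public if ip.is_global else internal).append(str(ip))
    return public, internal


def port_open(address, port=80, timeout=5):
    """True if a TCP connection to address:port succeeds from this host."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(hostname, resolver=resolve, probe=port_open):
    """Return the problems that would stop Let's Encrypt validating hostname."""
    try:
        addresses = resolver(hostname)
    except socket.gaierror as exc:
        return [f"{hostname} does not resolve: {exc}"]
    public, internal = classify(addresses)
    # Loopback, RFC 1918 and similar addresses are unreachable from outside.
    problems = [f"{a} is not publicly routable" for a in internal]
    if not public:
        problems.append("no public address: Let's Encrypt cannot connect back")
    problems += [f"port 80 closed on {a}" for a in public if not probe(a)]
    return problems


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "gitlab.example.com"
    issues = preflight(host)
    print("\n".join(issues) if issues else f"{host}: no local blockers found")
    sys.exit(1 if issues else 0)
```

A clean result only reflects what the host itself can see: the DNS record must also exist at the registrar so that outside resolvers return the same public address, and a firewall or NAT in front of the server can still block port 80 from the internet.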

Hi, that makes sense.

Actually my DNS doesn’t work externally, I haven’t been able to configure it yet. Are there any tips on how to do that?
Thanks

Well, usually you manage the DNS with the registrar where you purchased the domain, and so need to create records, to redirect it to the public IP which redirects to your gitlab install. Once that is done, you can then start thinking about the LetsEncrypt certificates.

You can also purchase your own certificates for use, but I think for the time being until you have purchased a domain and configured this to use with your gitlab install, there isn’t much point for that right now as LetsEncrypt will suffice anyway.

Ok that makes sense. Thank you so much for your help!