Okay, I solved this myself by removing all nginx ssl path configurations and adding:
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
Hello pmatos, I have exactly the same problem. Which nginx ssl path configurations did you remove to get it working?
I just had the same issue but with mattermost, I was able to fix it by commenting out
mattermost_nginx['redirect_http_to_https'] = true
and running reconfigure
I have the same question! What specific SSL configurations did you comment out?
I had the same issue, but, unfortunately, pmatos’s solution didn’t work for me. I’m using Gitlab from docker image gitlab/gitlab-ce:11.3.3-ce.0.
In my case the main reason for the error Validation failed for domain was the fact that during the validation process certbot put a special file in the directory /var/opt/gitlab/nginx/www/.well-known/acme-challenge/, in my case it was something like:
/var/opt/gitlab/nginx/www/.well-known/acme-challenge/V0kLCyM7gI7q5LNxir0iIL2dSM0RimDgx91MtuBgbf9
Then Letsencrypt tries to request the file http://example.com/.well-known/acme-challenge/V0kLCyM7gI7q5LNxir0iIL2dSM0RimDgx91MtuBgbf9, but in my case this file wasn’t accessible via http!
To solve this issue I added the following line to /etc/gitlab/gitlab.rb:
nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"
This makes files in the directory /var/opt/gitlab/nginx/www/.well-known/acme-challenge/ accessible via http.
Also I had to temporarily turn off https:
letsencrypt['enable'] = false
(with letsencrypt enabled my docker container couldn’t start; when the container started without letsencrypt support, I turned this option back on).
Also I removed all old certificates from /etc/gitlab/ssl/.
Then I started the docker container and ran:
gitlab-ctl renew-le-certs
New certificates successfully appeared in /etc/gitlab/ssl/. Then I ran:
gitlab-ctl reconfigure
Eventually Gitlab started successfully!
Thanks romka. This line fixed it for me too:
nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"
I had the redirect_http_to_https settings enabled already and those alone didn’t fix it.
I can’t get any of this to work. I’m not sure but does my subdomain have to be available in DNS for letsencrypt to be able to verify it?
I’m pretty sure this is the dumbest of all solutions, but I simply forgot to turn off apache2 since it is blocking the port 80.
solved the issue for me,
letsencrypt['enable'] = true
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = 0
letsencrypt['auto_renew_minute'] = 30
letsencrypt['auto_renew_day_of_month'] = "*/4"
nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"
Thx a lot mate
Related to the port 80:
http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>
About the challenge types:
ACME client:
Yet regarding the “DNS challenge” (DNS-01), I found this other topic: Validation Of Let's Encrypt - Help - Let's Encrypt Community Support
Needed to do this when upgrading to v12.0.0
It won’t validate for me. I’ve added a test.html file to the /var/opt/gitlab/nginx/www/.well-known/acme-challenge/ folder and can access it via:
http://gitlab.notarealdomain.comcom/.well-known/acme-challenge/test.html
I can’t access the random file letsencrypt needs to access though because it gets deleted by the system automatically. It looks like it gets deleted before the validate runs? Would that be the cause? Here is the output:
ruby_block[create certificate for gitlab.notarealdomain.comcom] action run
Error executing action run
on resource ‘ruby_block[create certificate for gitlab.notarealdomain.comcom]’
[gitlab.notarealdomain.comcom] Validation failed, unable to request certificate
Got a quite similar error.
It was my mistake, tho.
I’ve forgotten to change the external URL from http to httpS.
that’s precious advice. solved my issue after 3 hour struggle.
if anyone still has problem with letsencrypt certificates after gitlab update, I resolved the issue by including the custom_gitlab_server_config posted above AND removing current certs from /etc/gitlab/ssl/. gitlab-ctl reconfigure did run successfully after
I faced a similar problem/error.
@romka's answer helped me.
Here are the detailed steps: https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4900#note_292031191
Roman! You’ve helped me so much! I tried to solve it for as long as possible
Thanks !
If someone still has this kind of problem, first you need to verify that the following properties are set correctly in /etc/gitlab/gitlab.rb:
external_url 'https://yourdomain.com'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['youremail@company.com']
Other properties can be set to their defaults
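
The settings suggested across this thread can be checked in one pass before running gitlab-ctl reconfigure. The script below is an added example, not code from any poster or from GitLab: check_gitlab_le is a hypothetical helper name, the sample gitlab.rb is constructed, and the checks reflect only the advice given in the posts above.

```sh
#!/bin/sh
# Added example: check_gitlab_le is a hypothetical helper, not a GitLab tool.
# Its checks mirror the advice posted in this thread, nothing more.

check_gitlab_le() {
    conf=$1
    LE_PROBLEMS=0   # settings the thread says must be right
    LE_NOTES=0      # settings only some posters had to change
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    # Only active lines count: drop comments and blank lines.
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$conf" || true)
    has()  { printf '%s\n' "$active" | grep -Eq "$1"; }
    warn() { echo "WARN: $1"; LE_PROBLEMS=$((LE_PROBLEMS + 1)); }
    note() { echo "NOTE: $1"; LE_NOTES=$((LE_NOTES + 1)); }

    has "^[[:space:]]*external_url[[:space:]]+['\"]https://" ||
        warn "external_url is not an https:// URL"
    has "^[[:space:]]*letsencrypt\['enable'\][[:space:]]*=[[:space:]]*true" ||
        warn "letsencrypt['enable'] is not set to true"
    has "^[[:space:]]*letsencrypt\['contact_emails'\][[:space:]]*=" ||
        warn "letsencrypt['contact_emails'] is not set"
    # Workaround several posters needed so the HTTP-01 file is served on port 80.
    has "custom_gitlab_server_config.*/\.well-known/acme-challenge/" ||
        note "no acme-challenge location in nginx['custom_gitlab_server_config']"
    # Assumed to be the 'nginx ssl path configurations' the first post removed.
    has "^[[:space:]]*nginx\['ssl_certificate(_key)?'\]" &&
        note "manual nginx certificate paths are set"
    has "^[[:space:]]*mattermost_nginx\['redirect_http_to_https'\][[:space:]]*=[[:space:]]*true" &&
        note "mattermost_nginx['redirect_http_to_https'] is enabled"
    [ "$LE_PROBLEMS" -eq 0 ]
}

# Constructed sample: http external_url, Let's Encrypt disabled, e-mail commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
external_url 'http://gitlab.example.com'
letsencrypt['enable'] = false
# letsencrypt['contact_emails'] = ['admin@example.com']
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
EOF
check_gitlab_le "$sample" || echo "problems: $LE_PROBLEMS, notes: $LE_NOTES"
rm -f "$sample"
```

WARN lines are the settings the posts treat as required; NOTE lines are the workarounds that helped only some posters, so they are worth reviewing rather than changing blindly.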