LFS pushing got x509 certification error

I created an empty repo in gitlab, cloned it to a computer (running Windows), added many files files from another place, and commited with many files traced by LFS. It stucks on the first LFS pushing.

I then push from command line with tracing:

GIT_TRACE=1 git push

Then it shows an error message at last:

17:35:38.695610 trace git-lfs: api error: Post https://XXX.XXX.XXX.XXX/myname/myproject.git/info/lfs/objects/batch: x509: cannot validate certificate for XXX.XXX.XXX.XXX because it doesn't contain any IP SANs

in which XXX is IP address inside our LAN.

I never got this issue before. Why I need to certificate the server address? How to solve it?

This is the config in local workspace:

core.fscache=true
color.diff=auto
color.status=auto
color.branch=auto
color.interactive=true
help.format=html
rebase.autosquash=true
http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
http.sslbackend=openssl
diff.astextplain.textconv=astextplain
filter.lfs.clean=git-lfs clean -- %f
filter.lfs.smudge=git-lfs smudge --skip -- %f
filter.lfs.process=git-lfs filter-process --skip
filter.lfs.required=true
credential.helper=manager
core.editor="C:\\Program Files (x86)\\Notepad++\\notepad++.exe" -multiInst -notabbar -nosession -noPlugin
user.name=MyCoolName
user.email=mycoolname@gmail.com
core.autocrlf=false
core.excludesfile=C:\Users\我的中文名\Documents\gitignore_global.txt
core.editor="C:/Program Files (x86)/GitExtensions/GitExtensions.exe" fileeditor
filter.lfs.clean=git lfs clean %f
filter.lfs.smudge=git lfs smudge %f
filter.lfs.required=true
merge.tool=kdiff3
mergetool.kdiff3.path=C:/Program Files (x86)/KDiff3/kdiff3.exe
diff.guitool=kdiff3
difftool.kdiff3.path=C:/Program Files (x86)/KDiff3/kdiff3.exe
pull.rebase=false
fetch.prune=false
rebase.autostash=false
core.repositoryformatversion=0
core.filemode=false
core.bare=false
core.logallrefupdates=true
core.symlinks=false
core.ignorecase=true
submodule.active=.
remote.origin.url=git@XXX.XXX.XXX.XXX:myname/tbtwebsite.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
branch.master.remote=origin
branch.master.merge=refs/heads/master
user.name=myname
lfs.https://XXX.XXX.XXX.XXX/myname/myproject.git/info/lfs.locksverify=false

Thanks for a lot!

At current, I bypassed this issue by using non-encrypted HTTP setup for whole gitlab. But I still really eager to know how to make LFS connection to work on HTTPS.

Post https://XXX.XXX.XXX.XXX/myname/myproject.git/info/lfs/objects/batch: x509: cannot validate certificate for XXX.XXX.XXX.XXX because it doesn't contain any IP SANs

x509: cannot validate certificate for XXX.XXX.XXX.XXX

x509 errors indicate an error with X.509 certificates.

This problem is not limited to GitLab as this can occur anytime there’s a configuration issue with the (self-signed) certificates used for URLs or IPs accessed over HTTPS.

I suggest you verify that you have the correct CA cert info added to: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt.
If you’re using a self-signed certificate, you can add a SAN (Subject Alternative Name) to the certificate used for this IP so that it is protected by this certificate.

1 Like