SSL certificate did not renew automatically and using Let's Encrypt renew fails (non-standard installation). I need assistance installing a new certificate I created using OpenSSL. The new crt and key files are in the ssl folder, but after gitlab-ctl reconfigure runs successfully I cannot use https.
System: Ubuntu 16.04
Current User: git
Using RVM: no
Ruby Version: 2.4.4p296
Gem Version: 2.7.6
Bundler Version:1.16.2
Rake Version: 12.3.1
Redis Version: 3.2.11
Git Version: 2.18.0
Sidekiq Version:5.1.3
Go Version: unknown
GitLab information
Version: 11.2.2
Revision: c815ed0
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: http://gixgitlab.gix.uw.edu
HTTP Clone URL: http://gixgitlab.gix.uw.edu/some-group/some-project.git
SSH Clone URL: git@gixgitlab.gix.uw.edu:some-group/some-project.git
Using LDAP: no
Using Omniauth: no
Hi, how did you name the certificate files? Usually they should be named exactly as the name of your server, so assuming gixgitlab.gix.uw.edu is the hostname then in /etc/gitlab/ssl:
gixgitlab.gix.uw.edu.crt
gixgitlab.gix.uw.edu.key
and then it should use those certs. Will need gitlab-ctl reconfigure afterwards and restart with gitlab-ctl restart.
I created a csr on the gitlab Ubuntu instance, used the csr to create the PEM and PK7 files from InCommon. I copied the contents of the PEM file to create the gixgitlab.gix.uw.edu.crt file. I also updated the gitlab.rb with the external URL to be https://gixgitlab.gix.uw.edu. The gixgitlab.gix.uw.edu.key file was in the ssl directory when I ran gitlab-ctl reconfigure and gitlab-ctl restart.
If both the crt and key files are in /etc/gitlab/ssl with the same name as the servername, then it just simply works. If you are still having problems, then you need to check all the log files in /var/log/gitlab to see why it’s the case.
When I have made my own certs and put them in /etc/gitlab/ssl along with the key, it works every time, so something is not right with your installation if this isn’t working. Perhaps something is wrongly configured in gitlab.rb, but it is impossible to say right now without more details or errors from log files.
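An added example, not part of any post in this thread: a shell pre-flight check for the file naming and cert/key pairing discussed above, to run before gitlab-ctl reconfigure. The function name check_gitlab_cert and its return codes are assumptions of this example; it relies only on standard openssl subcommands.

```shell
#!/bin/sh
# Added example: verify the cert/key pair in an Omnibus GitLab ssl directory.
# Usage: check_gitlab_cert <ssl_dir> <hostname>
# Return codes (chosen for this example): 0 ok, 1 file missing, 2 not a PEM
# certificate, 3 key does not match, 4 expired, 5 hostname not covered.
check_gitlab_cert() {
    ssl_dir=$1
    host=$2
    crt="$ssl_dir/$host.crt"
    key="$ssl_dir/$host.key"

    # Files must be named exactly after the hostname, as described in the thread.
    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }
    done

    # A PKCS#7 bundle or a truncated paste does not parse as a PEM X.509 certificate.
    openssl x509 -in "$crt" -noout >/dev/null 2>&1 ||
        { echo "$crt is not a PEM X.509 certificate"; return 2; }

    # The public key in the certificate must equal the one derived from the key.
    # -passin pass: makes an encrypted key fail instead of prompting.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=""
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; return 3
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 4; }

    # -checkhost reports its result as text, so match on the message.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match certificate" ||
        { echo "certificate does not cover $host"; return 5; }

    echo "OK: $crt and $key are a usable pair for $host"
}

# On the server: check_gitlab_cert /etc/gitlab/ssl gixgitlab.gix.uw.edu
```

A non-zero result narrows the problem to the files themselves; a zero result points back at gitlab.rb or the logs in /var/log/gitlab.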
I have several self-hosted GitLabs and Let's Encrypt should work. Do you know why it is failing?
You are using a self-created cert and there is something that needs to be changed to make this work - depends on how you set up your Gitlab. Also, it is not suggested to use in production.