I have a gitlab ce omnibus installation running on Centos 7 - this has been running happily for a year or so (and in its previous incarnation on Centos 6 for several years before that).
We have an internal SSL CA that provides the certificiates for the installation. This used to be enabled by using the older mechanism of putting the root certificate into
/etc/pki/ca-trust/source/anchors, but now uses the method described in https://docs.gitlab.com/omnibus/settings/ssl.html and adds our CA certificate into
However postgres is now failing to start:-
2018-06-11_11:18:49.45811 FATAL: could not load root certificate file "/opt/gitlab/embedded/ssl/certs/cacert.pem": no start line 2018-06-11_11:18:49.45813 LOG: database system is shut down
/opt/gitlab/embedded/ssl/certs/cacert.pem are all the root certificates, including our own, each preceded by a
-----BEGIN TRUSTED CERTIFICATE----- line. [Oddly - our certificate, as supplied to the system originally started with a
-----BEGIN CERTIFICATE----- line.
If I edit that file and remove the word
TRUSTED from the certificate starts, then postgresql starts fine and it all works.
Any ideas as to what the heck is happening here - this only started on very recent versions within the last month or so.