_pygit2.GitError: user rejected certificate when Salt is trying to connect

Hi there,

First time using GitLab, and first post - so apologies for the newbie question.

I’m trying to integrate SaltStack with GitLab to us as a fileserver backend following this document: Git Fileserver Backend Walkthrough

I know this is a GitLab forum, but I’m wondering if it is related to how I have set up GitLab or the user configuration.

I have installed GitLab 14.0.1 and configured it with a CA-signed certificate of my org (not self-signed). Both Salt and GitLab have CA-signed certs and everything looks OK there.

When defining the gitfs fileserver in Salt, I am getting these errors on the Salt master:

_pygit2.GitError: user rejected certificate for git.xxx.local
2021-06-29 15:22:23,131 [salt.utils.gitfs :1893][ERROR ][1011] Error occurred fetching gitfs remote ‘https://git.xxx.local/root/ssc.git’: user rejected certificate for git.xxx.local
Traceback (most recent call last):
File “/usr/lib/python3.7/site-packages/salt/utils/gitfs.py”, line 1864, in _fetch
fetch_results = origin.fetch(**fetch_kwargs)
File “/usr/lib/python3.7/site-packages/pygit2/remote.py”, line 147, in fetch
payload.check_error(err)
File “/usr/lib/python3.7/site-packages/pygit2/callbacks.py”, line 93, in check_error
check_error(error_code)
File “/usr/lib/python3.7/site-packages/pygit2/errors.py”, line 65, in check_error
raise GitError(message)
_pygit2.GitError: user rejected certificate for git.xxx.local

I created this new file /etc/salt/master.d/file.conf on the Salt master:

file_roots:
base:
- /srv/reactor
- /srv/salt

fileserver_backend:

  • sseapi
  • gitfs
  • roots

gitfs_remotes:

gitfs_user:

  • root

gitfs_password:

  • root_passwordj

Question: is this a GitLab issue where the root user needs some special configuration, or is this a Salt issue?