_pygit2.GitError: user rejected certificate when Salt is trying to connect

Hi there,

First time using GitLab, and first post - so apologies for the newbie question.

I’m trying to integrate SaltStack with GitLab to us as a fileserver backend following this document: Git Fileserver Backend Walkthrough

I know this is a GitLab forum, but I’m wondering if it is related to how I have set up GitLab or the user configuration.

I have installed GitLab 14.0.1 and configured it with a CA-signed certificate of my org (not self-signed). Both Salt and GitLab have CA-signed certs and everything looks OK there.

When defining the gitfs fileserver in Salt, I am getting these errors on the Salt master:

_pygit2.GitError: user rejected certificate for git.xxx.local
2021-06-29 15:22:23,131 [salt.utils.gitfs :1893][ERROR ][1011] Error occurred fetching gitfs remote ‘https://git.xxx.local/root/ssc.git’: user rejected certificate for git.xxx.local
Traceback (most recent call last):
File “/usr/lib/python3.7/site-packages/salt/utils/gitfs.py”, line 1864, in _fetch
fetch_results = origin.fetch(**fetch_kwargs)
File “/usr/lib/python3.7/site-packages/pygit2/remote.py”, line 147, in fetch
File “/usr/lib/python3.7/site-packages/pygit2/callbacks.py”, line 93, in check_error
File “/usr/lib/python3.7/site-packages/pygit2/errors.py”, line 65, in check_error
raise GitError(message)
_pygit2.GitError: user rejected certificate for git.xxx.local

I created this new file /etc/salt/master.d/file.conf on the Salt master:

- /srv/reactor
- /srv/salt


  • sseapi
  • gitfs
  • roots



  • root


  • root_passwordj

Question: is this a GitLab issue where the root user needs some special configuration, or is this a Salt issue?