Reconfiguring to https

I updated my GitLab to the latest version and tried to reconfigure from HTTP to HTTPS.

I have already done it in the past, when I had certificates from my domain registrar.
As of today I’m using Let’s Encrypt certificates, but I did not request them through the GitLab instance but on my laptop using the DNS challenge.

As for the certificates,
I requested them using the DNS challenge on my domain:

domain:

timclinckemalie.me (requested certificate for domain)

whereas

git.timclinckemalie.me and
www.timclincmalie.me are parked domains

For the reconfiguration I followed the guides provided by GitLab:
changed external url to: https://git.timclinckemalie.me
set my certificates

I did not change the settings for Let’s Encrypt
because I thought they were not necessary, as I requested them somewhere else and not through GitLab.

The reconfiguration succeeded, however I cannot access my GitLab instance.
Normally my GitLab is behind a reverse proxy, but for troubleshooting I disabled it and set up port forwarding in my router to my GitLab VM: port 443 to the GitLab IP.

I have followed and/or used these resources:

https://docs.gitlab.com/omnibus/settings/nginx.html

https://docs.gitlab.com/omnibus/settings/ssl.html#lets-encrypt-integration

https://stackoverflow.com/questions/50389883/generate-crt-key-ssl-files-from-lets-encrypt-from-scratch

As for the last one, this was to figure out which PEM certificate I needed that GitLab asked for -> is this correct?

Any idea what might be wrong, or any idea where to start troubleshooting?
My firewall has rules to allow it:
allowed
80/tcp
443/tcp

So, troubleshooting through Wireshark, I get a SYN to the server while the server replies with RST, ACK instead of the SYN, ACK it should send, after which the TLS handshake would start.

When listing all listening ports I don’t see port 443 listed; that could explain why it is sending a RST, ACK.
When doing sudo gitlab-ctl status it says nginx is down, which does explain it; however, when doing:
sudo systemctl status gninx it says no nginx service found, which is kind of strange.

What can I do about that?

Edit:

When looking further into it I figured that nginx is crashing for some reason.
I went to the error log using the root account and saw the error: no ssl certificate to listen at var/opt/gitlab/nginx/conf/gitlab-conf

However, when checking the conf file with the root account, the SSL certificates are listed as in the gitlab.rb config file. The only thing I can imagine is that it does not have permissions, or it cannot read them as both have the pem extension and not key and crt.

What to do next?

Hi @tim.clinckemalie! Thanks for providing so much information about this. I have been doing some research into what you are experiencing and I have got to say: I am a bit puzzled!

I notice that it’s been a while since you posted about this, so if you have made headway on your own, please let me know!

The experts say the next most helpful thing will be to look at the output when you run gitlab-ctl reconfigure.

In addition, you can send a sanitized version of your /etc/gitlab/gitlab.rb file to me via DM! :blush:

Talk soon!

Thanks for the feedback.

At this point I already figured it out,
but I made a solution which is probably not the thing you should do.

When creating a configuration for nginx you have got the root path and then both certificates.
I could see this in GitLab but not in nginx, so I made my configuration for HTTPS for GitLab in nginx and restarted, and it worked fine.
In the configuration for listening to HTTPS there were simply no certificates listed, so it was never going to work.

But yet again, when doing gitlab-ctl reconfigure it should add the certificates automatically, so why it didn’t I don’t know. But hey, it’s working now.

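For the certificate questions raised in this thread (which PEM files to hand to GitLab, and a certificate requested for one name while external_url uses another), here is an added example that is not from any poster or from GitLab. It checks that a certificate and key belong together, cover the host, and are unexpired. The function names are hypothetical, and the arguments would be the two files named in gitlab.rb and the host from external_url.

```shell
#!/bin/sh
# Added example (not from the thread or from GitLab): sanity-check a
# certificate/key pair before pointing GitLab's bundled nginx at it.

# The leaf certificate's public key must equal the private key's public half.
# With a Let's Encrypt fullchain.pem, openssl x509 reads the first (leaf) cert.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must name the host used in external_url.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# usage: check_pair CERT KEY HOST ; returns 0 only if every check passes.
check_pair() {
    rc=0
    for f in "$1" "$2"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $2 is not the key for $1"; rc=1; }
    cert_covers_host "$1" "$3" ||
        { echo "FAIL: certificate does not cover $3"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired or not parseable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: pair is usable for $3"
    return "$rc"
}

# Constructed sample input: throwaway self-signed pair for host $2 in dir $1
# (name carried in the CN only; file names mimic certbot's).
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}
```

A certificate issued only for the bare domain fails the host check for a subdomain, which a browser would report as a name mismatch even once nginx is listening.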