I have installed with omnibus and configured GitLab with https.
I used letsencrypt for this task.
Everything is running on a CentOS 7 server.
I have tried to manually renew the cert with the following command:
certbot renew
but it fails:
Attempting to renew cert (domain) from
/etc/letsencrypt/renewal/domain.conf produced an unexpected error:
Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/domain/fullchain.pem (failure)
I have searched around and it looks like it’s because I have a running web server, but when I check any running service I have the following output:
systemctl status nginx
Unit nginx.service could not be found.
systemctl status httpd
Unit httpd.service could not be found.
I checked port 80 and 443 to see if they’re taken with my custom script:
#!/bin/bash
# Prints "taken" if something is listening on TCP port $1, otherwise "free".
function is_port_free {
    # Match the port only at the end of the Local Address column, so that
    # 8080 or a PID containing "80" is not counted as port 80.
    if netstat -ntpl | grep -qE ":$1[[:space:]]"; then
        echo "taken"
    else
        echo "free"
    fi
}
port80=$(is_port_free 80)
if [ "$port80" == "taken" ]; then
    echo "Port 80 is taken"
else
    echo "Port 80 is free"
fi
port443=$(is_port_free 443)
if [ "$port443" == "taken" ]; then
    echo "Port 443 is taken"
else
    echo "Port 443 is free"
fi
Here is my output:
Port 80 is taken
Port 443 is taken
And here is my cron:
0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
Do I have to stop my gitlab instance with gitlab-ctl stop, renew the cert with certbot renew, and start gitlab with gitlab-ctl start?
I don’t really like this solution, because my gitlab is in production.
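The script in the post reports that port 80 is taken but not by what, and systemctl finds no nginx or httpd unit. As an added example (not part of the original post), the helper below reads `netstat -ntpl` output and names the process that owns a port; `port_owner` is a hypothetical name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: name the process that holds a listening TCP port.
# Reads `netstat -ntpl` output on stdin; port_owner is a hypothetical helper.

# Constructed sample output (PIDs and program names are made up).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1432/nginx: master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1432/nginx: master
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1801/unicorn master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      980/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1432/nginx: master'

# Prints each distinct PID/program listening on port $1.
# Exit status is 0 if at least one listener was found, 1 otherwise.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the last ":"-separated piece of the Local Address,
            # which covers both 0.0.0.0:80 and :::80.
            n = split($4, addr, ":")
            if (addr[n] != port) next
            # The program name may contain spaces, so rejoin fields 7..NF.
            owner = $7
            for (i = 8; i <= NF; i++) owner = owner " " $i
            if (!seen[owner]++) print owner
            found = 1
        }
        END { exit !found }
    '
}

# Port 143 is included because a plain "grep 143" would match PID 1432.
for p in 80 443 143; do
    if owner=$(printf '%s\n' "$SAMPLE" | port_owner "$p"); then
        echo "Port $p is held by: $owner"
    else
        echo "Port $p is free"
    fi
done
```

On a live host, run `netstat -ntpl | port_owner 80` as root; without root the PID/Program column shows `-` for other users' processes.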