Solved: Let's Encrypt Error on Upgrade

My installation is behind a few layers of firewall and NAT, and there was a problem with the port 80 forwarding firewall rule. Once I fixed that and deleted /etc/gitlab/ssl, I was able to run the reconfigure.

I am now running with nginx redirecting port 80 to 443 enabled, which I was not before. I’m not entirely sure that is necessary, but that is another difference to note vs. how I was working before.

Since last month's -ce release, I’m getting this error when updating or running gitlab-ctl reconfigure:

There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[] (letsencrypt::http_authorization line 5) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [] Validation failed, unable to request certificate

But there is no indication of what or how it failed.

Internet searches suggest things like enabling nginx forwarding, deleting /etc/gitlab/ssl, temporarily changing the URL to http rather than https, but none of those help. I had hoped with the 9/24 release, the error would go away, but it’s still here.

If I disable https, then it does work, but then I’m left running without SSL. As soon as I turn SSL back on, the reconfigure fails.

Hoping for any suggestions…
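
The fix described in this post was a broken port 80 forward, which the "Validation failed" error does not reveal. The following preflight check is an added example, not part of the original post or of GitLab's tooling: it probes the HTTP-01 challenge path on port 80 and names the likely failure. The function names, the token and the hostname in the usage line are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: preflight for Let's Encrypt HTTP-01 reachability on port 80.
# Run it from a machine OUTSIDE the firewall/NAT; a probe from inside may
# succeed through local routing even when the external forward is broken.

# Map a curl exit code and HTTP status to a diagnosis.
# $1 = curl exit code, $2 = HTTP status (000 when no response was received)
classify_http01_probe() {
  local rc="$1" status="$2"
  case "$rc" in
    0)  ;;                                           # got an HTTP response
    6)  echo "dns-failure"; return 1 ;;              # name does not resolve
    7)  echo "connection-refused"; return 1 ;;       # nothing listening on port 80
    28) echo "timeout-likely-filtered"; return 1 ;;  # dropped by firewall / no NAT forward
    *)  echo "curl-error-$rc"; return 1 ;;
  esac
  case "$status" in
    200|404)         echo "reachable" ;;           # 404 is expected for a made-up token
    301|302|307|308) echo "reachable-redirect" ;;  # 80 -> 443 redirect; the CA follows it
    *)               echo "unexpected-status-$status"; return 1 ;;
  esac
}

# Probe http://<host>/.well-known/acme-challenge/<token> on port 80.
# The token is a constructed placeholder, not a real challenge.
check_http01() {
  local host="$1" token="preflight-test-token" status rc
  status=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' \
    "http://${host}/.well-known/acme-challenge/${token}")
  rc=$?
  classify_http01_probe "$rc" "$status"
}

# Usage: ./http01-preflight.sh gitlab.example.com
if [ -n "${1:-}" ]; then
  check_http01 "$1"
fi
```

A result of timeout-likely-filtered or connection-refused points at the firewall or NAT rule rather than at GitLab; reachable or reachable-redirect means the request got through to a web server on port 80.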