Validation failed for domain - Error executing action `create` on resource 'letsencrypt_certificate'

gitlab-ctl reconfigure is failing when I’m trying to configure HTTPS with Let’s Encrypt.
GitLab version 11.7.5 running on an Ubuntu 16.04 GCP instance.

After trying all the solutions I could find on the web, I decided to open a ticket; hopefully you can save me from my misery.

The error from gitlab-ctl reconfigure:

 file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/npZvR9W0EsG2Cs5wf5GxyWm748_Xe4REjS7Il2odt8A] action create
        - create new file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/npZvR9W0EsG2Cs5wf5GxyWm748_Xe4REjS7Il2odt8A
        - update content in file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/npZvR9W0EsG2Cs5wf5GxyWm748_Xe4REjS7Il2odt8A from none to 1a677f
        --- /var/opt/gitlab/nginx/www/.well-known/acme-challenge/npZvR9W0EsG2Cs5wf5GxyWm748_Xe4REjS7Il2odt8A	2019-05-20 09:57:40.308672927 -0700
        +++ /var/opt/gitlab/nginx/www/.well-known/acme-challenge/.chef-npZvR9W0EsG2Cs5wf5GxyWm748_Xe4REjS7Il2odt8A20190520-31603-1d7kyv6	2019-05-20 09:57:40.308672927 -0700
        @@ -1 +1,2 @@
        +npZvR9W0EsG2Cs5wf5GxyWm748_Xe4REjS7Il2odt8A.jYBNnCSdphcWsgnWmlyrwdx0uVbksqhpL1BBoVO_dfo
        - change mode from '' to '0644'
        - change owner from '' to 'root'
        - change group from '' to 'root'

      ================================================================================
      Error executing action `create` on resource 'acme_certificate[staging]'
      ================================================================================

      RuntimeError
      ------------
      [gitlab.env.dev] Validation failed for domain gitlab.env.dev

      Cookbook Trace:
      ---------------
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'

      Resource Declaration:
      ---------------------
      suppressed sensitive resource output

      Compiled Resource:
      ------------------
      suppressed sensitive resource output

      System Info:
      ------------
      chef_version=13.6.4
      platform=ubuntu
      platform_version=16.04
      ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
      program_name=/opt/gitlab/embedded/bin/chef-client
      executable=/opt/gitlab/embedded/bin/chef-client


    ================================================================================
    Error executing action `create` on resource 'letsencrypt_certificate[gitlab.env.dev]'
    ================================================================================

    RuntimeError
    ------------
    acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.env.dev] Validation failed for domain gitlab.env.dev

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:93:in `block (2 levels) in class_from_file'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'

gitlab.rb configuration:

external_url 'https://gitlab.env.dev'
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['hsts_max_age'] = 0
letsencrypt['contact_emails'] = ['DL-PP-env-dev@company.com']
letsencrypt['enable'] = true
letsencrypt['auto_renew'] = true
letsencrypt['auto_renew_hour'] = 0
letsencrypt['auto_renew_minute'] = 30
letsencrypt['auto_renew_day_of_month'] = "*/4"
nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"

Thank you!

The .dev TLD exists. Meanwhile, I don’t think you have registered .env.dev, so I guess you are using this name locally for your tests. Let’s Encrypt can only validate publicly accessible domains/TLDs, as it needs to access your server’s .well-known directory or your DNS-specific TXT entry to make sure you own it.
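
Added example (not part of the original thread, and not GitLab's or Let's Encrypt's code): a Python preflight for the two conditions the reply above describes, namely that the name resolves to a publicly routable address and that the challenge URL returns the `<token>.<thumbprint>` body seen in the reconfigure log. All function names are hypothetical, and the checks are necessary rather than sufficient, because they run from your own vantage point and not the CA's.

```python
import ipaddress
import re
import socket
import urllib.request

B64URL = re.compile(r"^[A-Za-z0-9_-]+$")  # alphabet of ACME tokens and thumbprints


def system_resolve(host):
    """Addresses the local resolver returns for host (empty if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    # Drop any IPv6 scope id ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def http_fetch(url):
    """Body served at url, or None when the request fails."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.read().decode("ascii", "replace")
    except OSError:  # URLError and HTTPError are subclasses of OSError
        return None


def challenge_body_ok(token, body):
    """An HTTP-01 response must be '<token>.<thumbprint of the account key>'."""
    prefix, sep, thumb = (body or "").strip().partition(".")
    return (sep == "." and prefix == token and bool(B64URL.match(token))
            and len(thumb) == 43  # unpadded base64url of a SHA-256 digest
            and bool(B64URL.match(thumb)))


def preflight(host, token, resolve=system_resolve, fetch=http_fetch):
    """Return the reasons an HTTP-01 validation of host would fail."""
    public = [a for a in resolve(host) if ipaddress.ip_address(a).is_global]
    if not public:
        return ["%s has no publicly routable address" % host]
    url = "http://%s/.well-known/acme-challenge/%s" % (host, token)
    if not challenge_body_ok(token, fetch(url)):
        return ["%s did not return '<token>.<thumbprint>'" % url]
    return []
```

Run `preflight` from a machine outside the server's network while a challenge file is in place; a pass from inside the same network says nothing about what the CA can reach.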

Hello,
If you want to disable Let’s Encrypt on running gitlab-ctl reconfigure, then: