X509: certificate relies on legacy Common Name field, use SANs instead

These days I’m trying to add my first k8s runners. It’s the first time we have used k8s to run them; before, we used the GitLab Runner CLI and passed --tls-ca-file to provide the ‘crt’ file.
There is an annoying error repeating:

Registration attempt 1 of 30
Runtime platform                                    arch=amd64 os=linux pid=13 revision=a7b4e96a version=15.5.0~beta.80.ga7b4e96a
WARNING: Running in user-mode.                     
WARNING: The user-mode requires you to manually start builds processing: 
WARNING: $ gitlab-runner run                       
WARNING: Use sudo for system-mode:                 
WARNING: $ sudo gitlab-runner...                   
                                                   
Merging configuration from template file "/configmaps/config.template.toml" 
ERROR: Registering runner... failed                 runner=9dr5GxbT status=couldn't execute POST against https://gitlab.local/api/v4/runners: Post "https://gitlab.local/api/v4/runners": x509: certificate relies on legacy Common Name field, use SANs instead
PANIC: Failed to register the runner

I’ve used certsSecretName: gitlab to provide the ‘crt’ file, provided the correct URL for GitLab, and then ran helm install. Not sure what I did wrong.
Let me know if more information is needed.

I ran into this problem using a self-signed Certificate Authority. Although the certificate signing request had the Subject Alternative Names, openssl does NOT copy the SANs from the CSR. ¯\_(ツ)_/¯
This post helped. It has the SAN extensions in the certificate signing: “How do I use SANs with openSSL instead of common name?” (Stack Overflow)
