CentOS 7.x gitlab lets encrypt certificate renewal

From Notes_Wiki
Revision as of 23:22, 22 July 2020 by Saurabh (talk | contribs) (Created page with "<yambe:breadcrumb self="gitlab lets encrypt certificate renewal">CentOS 7.x gitlab|gitlab</yambe:breadcrumb> =CentOS 7.x gitlab lets encrypt certificate renewal= o renew gitl...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

<yambe:breadcrumb self="gitlab lets encrypt certificate renewal">CentOS 7.x gitlab|gitlab</yambe:breadcrumb>

CentOS 7.x gitlab lets encrypt certificate renewal

o renew gitlab certificates from lets encrypt use:

  1. Open /etc/gitlab/gitlab.rb and set following values:
    letsencrypt['enable'] = true # GitLab 10.5 and 10.6 require this option
    letsencrypt['contact_emails'] = ['foo@email.com'] # Optional
    letsencrypt['auto_renew'] = false
    letsencrypt['auto_renew_hour'] = "12"
    letsencrypt['auto_renew_minute'] = "30"
  2. Then run either of the below to renew:
    sudo gitlab-ctl reconfigure
    OR
    sudo gitlab-ctl renew-le-certs

Refer:


Acme::Client::Error::Malformed issue

If certificate renewal fails with error similar to:

   Acme::Client::Error::Malformed
   ------------------------------
   acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::Malformed: Method not allowed

Then edit /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb and comment below set of lines:

   acme_certificate 'staging' do
   [...]
   end

Then try:

   sudo gitlab-ctl renew-le-certs

Refer:


<yambe:breadcrumb self="gitlab lets encrypt certificate renewal">CentOS 7.x gitlab|gitlab</yambe:breadcrumb>