Cloning returns "SSL certificate problem: unable to get local issuer certificate"
Closed
Cloning returns "SSL certificate problem: unable to get local issuer certificate"
Created by: kminehart
My gitlab.rb: (I got rid of all of the comments to clean it up.)
## Url on which GitLab will be reachable.
## For more details on configuring external_url see:
## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
external_url 'https://example.com:6443'
## Note: configuration settings below are optional.
## Uncomment and change the value.
############################
# gitlab.yml configuration #
############################
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
################################
# GitLab email server settings #
################################
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "localhost"
gitlab_rails['smtp_port'] = 456
gitlab_rails['smtp_user_name'] = "gitlab@example.com"
gitlab_rails['smtp_password'] = "O5WNASInGW"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
################
# gitlab-shell #
################
# gitlab_shell['audit_usernames'] = false
gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/certs/cert.pem', ca_path: '/etc/pki/tls/certs/gitlab', self_signed_cert: false}
gitlab_shell['log_level'] = 'DEBUG'
# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
##################
# GitLab Unicorn #
##################
unicorn['port'] = 6080
################
# GitLab Nginx #
################
## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md
nginx['ssl_certificate'] = "/home/admin/conf/web/ssl.example.com.crt"
nginx['ssl_certificate_key'] = "/home/admin/conf/web/ssl.example.com.key"the ssl.example.com.crt / ca / key / pem is a signed certificate issued by a CA, not a self-signed certificate.
/etc/ssl/certs/cert.pem is the a copied / pasted one
The contents of "/etc/pki/tls/certs/gitlab is:
[root@example gitlab]# ls /etc/pki/tls/certs/gitlab
cert.ca cert.crt cert.key cert.pem COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt externalCAroot.crtand it appears to me that the https connection between any browser I've tried and nginx is successful, I'm still not sure why git doesn't like my certificates.
I've tried using the .key instead of the .pem, I've tried using the crt instead, I've tried manually configuring /var/opt/gitlab/gitlab-shell/config.yml with every crt, ca, .pem, and .key. I've got nothing else to try. I'm running gittlab-ctl reconfigure every time I change gitlab.rb, too.