Letsencrypt for Gitlab CE and Gitlab Pages
Description
I find the lack of support for Letsencrypt in Gitlab disturbing. Letsencrypt has been available for some time now and provides free SSL certificates for all. Gitlab should encourage the encrypted web and enable Letsencrypt by default.
Proposal
There are two main points to my proposal:
- Gitlab should automate Letsencrypt certificate requests; Chef should request a Letsencrypt certificate when no SSL certificate is provided by the administrator. This means that, by default, Gitlab installs run over an encrypted connection. This might also go for pages, mattermost, registery and others.
- Gitlab Pages: when adding a domain, Gitlab should offer to automatically generate a Letsencrypt certificate, adding your own certificates should become the non-default option.
Links / references
-
#26457 (closed) mentions adding support for adding the Letsencrypt
.well-known
alias to facilitate manual certificate requests. - Mail-in-a-box is an app that has this Letsencrypt functionality nailed pretty well.
Documentation blurb
Gitlab offers a free and secure setup using Letsencrypt out of the box. This means that, with minimal effort, your Gitlab CE installation is secured with a Letsencrypt SSL certificate. Of course, you can still bring your own certificates if you want. Gitlab can setup certificates for itself and all related services like Mattermost, Registery and Pages.