x509: certificate relies on legacy Common Name field, use SANs instead
Summary
I am experiencing trouble with Gitlab-Runner registration.
Here is the stderr of the server after invoking the "gitlab-runner register" command:
Steps to reproduce
I am using the official documentation in order to run both applications in a single docker-compose.yml file.
Here is my config:
Since our network is local and doesn't have direct internet access, I am using self-signed certificates for the host server.
I've been trying different certificates:
- x509 method which is described in the official documentation for offline installations
- Locally generated SAN certificates
- Those which are generated from a fresh gitlab installation
All three methods lead to the described problem.
This certificate is added to the gitlab-runner certificates directory and copied to /usr/local/share/ca-certificates.
I can even curl destination gitlab server host:
I've been trying different approaches in order to resolve this issue by myself, including changing gitlab.rb file:
omnibus-gitlab#4900 (closed)
gitlab#38255 (moved)
Commenting staging section in file /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb
Installing two lower gitlab server versions
Changing docker-compose.yml config
Separated installation of both components
Making various changes in the gitlab.rb file based on advice in comments of different issues, like nginx https redirection, etc.
Actual behavior
Since the gitlab native method always returns ACME-related errors, I am using self-signed certificates. I can reproduce this error if needed and provide it in the comments. But with either the self-signed certificate or the gitlab native one, I always get the same "SAN's" error.
Expected behavior
I want the runner to connect to the gitlab server.
Relevant logs and/or screenshots
Gitlab has so many logs, I don't even know which one I should inspect or provide. I would be grateful if you gave me directions.
Environment description
Gitlab version:
GitLab Community Edition 14.7.0
Runner version:
Version: 14.7.0
Git revision: 98daeee0
Git branch: 14-7-stable
GO version: go1.17.5
Built: 2022-01-19T17:11:48+0000
OS/Arch: linux/amd64
Docker version:
Docker version 19.03.6, build 369ce74a3c
Docker-compose version:
docker-compose version 1.25.0, build 0a186604
Possible fixes
I've tried to google this problem and I think I've tried around 30 or 40 combined solutions from stackoverflow and google search related pages, but I wasn't able to fix this issue myself.
Since I came to the conclusion that I am not able to fix this issue by myself, I am asking for help here.
It would be awesome if you gave me directions on which way I should move and what logs I should inspect.
Thank you in advance.