10.6.0 SSL certificate verification not working
Summary
Upgraded gitlab_runner to 10.6 and I am now getting an "SSL certificate problem: unable to get local issuer certificate" error when cloning repositories. I have a real, valid, DigiCert wildcard certificate on my GitLab server and it is sending the intermediate certificate. The 10.5 runner worked just yesterday. My GitLab server certificate hasn't changed in the last six months.
I was able to work around the issue by adding an environment variable, "GIT_SSL_NO_VERIFY=true", to my runner's configuration.
Steps to reproduce
- Upgrade to 10.6
- Run a build pipeline
Actual behavior
Pipeline fails with "SSL certificate problem: unable to get local issuer certificate" while trying to clone the repository of the project you are running the pipeline on.
Expected behavior
Pipeline should be able to clone the project repository.
Relevant logs and/or screenshots
NOTE: I have changed hostnames, usernames, and removed credentials.
Running with gitlab-runner 10.6.0 (a3543a27)
on runner df0861a9
Using Docker executor with image projects.example.org:4567/infrastructure/ci/build:master ...
Starting service mdillon/postgis:9.3 ...
Pulling docker image mdillon/postgis:9.3 ...
Using docker image sha256:8a7e873938566f111c67bb69ebe10aa5deb32386936c144f4945b5acf0fe0808 for mdillon/postgis:9.3 ...
Waiting for services to be up and running...
Pulling docker image projects.example.org:4567/infrastructure/ci/build:master ...
Using docker image sha256:f49f944955059a9227bffbb71f8caac8262d29bed1a76a4f664e4b5aada7ce20 for projects.example.org:4567/infrastructure/ci/build:master ...
Running on runner-df0861a9-project-1350-concurrent-0 via runner...
Cloning repository...
Cloning into '/builds/project/'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@projects.example.org/project.git/': SSL certificate problem: unable to get local issuer certificate
ERROR: Job failed: exit code 1
Environment description
concurrent = 16
check_interval = 0
[[runners]]
name = "runner"
limit = 16
url = "https://projects.example.org"
token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
executor = "docker"
environment = ["PIP_INDEX_URL=https://xxxxxxxxxx:xxxxxxxxxx@packages.example.org/build/internal", "HASHICORP_VAULT_USERNAME=xxxxxxxxxx", "HASHICORP_VAULT_PASSWORD=xxxxxxxxxx", "POSTGRES_DB=xxxxxxxx", "POSTGRES_USER=xxxxxxxxxx", "POSTGRES_PASSWORD=xxxxxxxxxx", "POSTGRES_HOST=postgres"]
[runners.docker]
tls_verify = false
image = "projects.example.org:4567/infrastructure/ci/build:master"
privileged = false
disable_cache = true
volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]
shm_size = 0
[runners.cache]

Containers: 54
Running: 6
Paused: 0
Stopped: 48
Images: 3023
Server Version: 18.03.0-ce
Storage Driver: aufs
Root Dir: /ebs/docker/aufs
Backing Filesystem: extfs
Dirs: 2228
Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.4.0-112-generic
Operating System: Ubuntu 16.04.4 LTS
OSType: linux
Architecture: x86_64
CPUs: 16
Total Memory: 62.9GiB
Name: runner
ID: EP7U:D776:UHYG:OBMU:2PE5:UGHC:5Z4A:3LUZ:PCVJ:UO7X:JWQC:25RR
Docker Root Dir: /ebs/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Used GitLab Runner version
Version: 10.6.0
Git revision: a3543a27
Git branch: 10-6-stable
GO version: go1.9.4
Built: 2018-03-22T08:34:11+00:00
OS/Arch: linux/amd64