Skip to content
GitLab
Next
Closed
Issue created by Grégory Maitrallain@karreg

[v 11.9+ regression] SSL certificate is broken in gitlab-runner-helper image: unable to get issuer certificate

Summary

After upgrading from 11.8.0 to 11.9.0, my custom certs are not handled correctly anymore, I get this error:
SSL certificate problem: unable to get issuer certificate

Downgrading to version 11.8.0 fixes the issue.

Steps to reproduce

Have custom certificate authority, create a certificate. Have it installed on gitlab and the runner. Try to fetch the repo.

Actual behavior

Git clone fails with SSL certificate problem: unable to get issuer certificate

Running with gitlab-runner 11.9.0 (692ae235)
  on gci-runner-2 QaqQJDyJ
Using Docker executor with image maven:3-jdk-8 ...
Pulling docker image maven:3-jdk-8 ...
Using docker image sha256:938cf03ad8e9a03a84c6b482406bd69ad975eb173f5972a9ca440c94e9d4b39c for maven:3-jdk-8 ...
Running on runner-QaqQJDyJ-project-3366-concurrent-0 via gci-runner-2...
DEPRECATION: this GitLab server doesn't support refspecs, gitlab-runner 12.0 will no longer work with this version of GitLab
Cloning repository...
Cloning into '/builds/***/***'...
fatal: unable to access 'https://***:xxxxxxxxxxxxxxxxxxxx@***/***/***/': SSL certificate problem: unable to get issuer certificate
/bin/bash: line 79: cd: /builds/***/***: No such file or directory
ERROR: Job failed: exit code 1

Expected behavior

This is expected, and this is what happens when downgraded to version 11.8.0:

Running with gitlab-runner 11.8.0 (4745a6f3)
  on gci-runner-2 EZqix7Ce
Using Docker executor with image maven:3-jdk-8 ...
Pulling docker image maven:3-jdk-8 ...
Using docker image sha256:938cf03ad8e9a03a84c6b482406bd69ad975eb173f5972a9ca440c94e9d4b39c for maven:3-jdk-8 ...
Running on runner-EZqix7Ce-project-3366-concurrent-0 via gci-runner-2...
Cloning repository...
Cloning into '/builds/***/***'...
Checking out 4ecb0a18 as 2.1.4...
Skipping Git submodules setup
...

Relevant logs and/or screenshots

Nothing more than the previous steps

Environment description

Custom installation. Docker executor:

sudo docker version
Client:
 Version:           18.09.3
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        774a1f4
 Built:             Thu Feb 28 06:34:04 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.4
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       d14af54
  Built:            Wed Mar 27 18:01:48 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Used GitLab Runner version

Version 11.9.0 for the issue to appear Version 11.8.0 without the issue

Workaround

Override the helper image to use a tag gitlab/gitlab-runner-helper:x86_64-4745a6f3

Edited by Steve Azzopardi