Let's Encrypt first certificate generation fails on Docker
Summary
I'm trying to enable Let's Encrypt integration for our office GitLab. It always fails on the first attempt with the following error:
Expand for error
Recipe: letsencrypt::enable
  * ruby_block[http external-url] action run (skipped due to only_if)
  * directory[/etc/gitlab/ssl] action create
    - create new directory /etc/gitlab/ssl
    - change mode from '' to '0755'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * acme_selfsigned[gitlab.arego.no] action create
  * file[gitlab.arego.no SSL selfsigned key] action create_if_missing
    - create new file /etc/gitlab/ssl/gitlab.arego.no.key
    - update content in file /etc/gitlab/ssl/gitlab.arego.no.key from none to db1054
    - suppressed sensitive resource
    - change mode from '' to '0400'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * file[gitlab.arego.no SSL selfsigned crt] action create_if_missing
    - create new file /etc/gitlab/ssl/gitlab.arego.no.crt
    - update content in file /etc/gitlab/ssl/gitlab.arego.no.crt from none to f88428
    --- /etc/gitlab/ssl/gitlab.arego.no.crt 2020-04-16 06:25:23.856703906 +0000
    +++ /etc/gitlab/ssl/.chef-gitlab20200416-25-7gzrhj.arego.no.crt 2020-04-16 06:25:23.856703906 +0000
    @@ -1 +1,19 @@
    - change mode from '' to '0644'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * file[gitlab.arego.no SSL selfsigned chain] action create_if_missing (skipped due to not_if)

Recipe: nginx::enable
  * runit_service[nginx] action restart (up to date)
Recipe: letsencrypt::http_authorization
  * letsencrypt_certificate[gitlab.arego.no] action create
  * acme_certificate[staging] action create
  * file[gitlab.arego.no SSL key] action create_if_missing
    - create new file /etc/gitlab/ssl/gitlab.arego.no.key-staging
    - update content in file /etc/gitlab/ssl/gitlab.arego.no.key-staging from none to dd4499
    - suppressed sensitive resource
    - change mode from '' to '0400'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * directory[/var/opt/gitlab/nginx/www/.well-known/acme-challenge] action create (up to date)
  * file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg] action create
    - create new file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg
    - update content in file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg from none to a03e70
    --- /var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg 2020-04-16 06:25:27.380746310 +0000
    +++ /var/opt/gitlab/nginx/www/.well-known/acme-challenge/.chef-UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg20200416-25-2w6drc 2020-04-16 06:25:27.380746310 +0000
    @@ -1 +1,2 @@
    +UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg.1dOKCHxSywAlYpW3LDj2PxEUQYAQpVGpyeNqmp1i07o
    - change mode from '' to '0644'
    - change owner from '' to 'root'
    - change group from '' to 'root'
  * file[gitlab.arego.no SSL key] action nothing (skipped due to action :nothing)
  * directory[/var/opt/gitlab/nginx/www/.well-known/acme-challenge] action nothing (skipped due to action :nothing)
  * file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg] action nothing (skipped due to action :nothing)
  * file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg] action delete
    - delete file /var/opt/gitlab/nginx/www/.well-known/acme-challenge/UQe37lzpH7-xlO9tod1n-lPKkk0kNL5N2zzvSar5tQg
  * ruby_block[create certificate for gitlab.arego.no] action run

================================================================================
Error executing action `run` on resource 'ruby_block[create certificate for gitlab.arego.no]'
================================================================================

RuntimeError
------------
[gitlab.arego.no] Validation failed, unable to request certificate

Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:111:in `block (3 levels) in class_from_file'

Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb

108: ruby_block "create certificate for #{new_resource.cn}" do # ~FC014
109: block do
110: unless (all_validations.map { |authz| authz.status == 'valid' }).all?
111: fail "[#{new_resource.cn}] Validation failed, unable to request certificate"
112: end
113:
114: begin
115: newcert = acme_cert(order, new_resource.cn, mykey, new_resource.alt_names)
116: rescue Acme::Client::Error => e
117: fail "[#{new_resource.cn}] Certificate request failed: #{e.message}"
118: else
119: Chef::Resource::File.new("#{new_resource.cn} SSL new crt", run_context).tap do |f|
120: f.path new_resource.crt
121: f.owner new_resource.owner
122: f.group new_resource.group
123: f.content newcert
124: f.mode 00644
125: end.run_action :create
126: end
127: end
128: end

Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:108:in `block in class_from_file'

ruby_block("create certificate for gitlab.arego.no") do
action [:run]
default_guard_interpreter :default
declared_type :ruby_block
cookbook_name "letsencrypt"
block #
block_name "create certificate for gitlab.arego.no"
end

System Info:
------------
chef_version=14.14.29
platform=ubuntu
platform_version=16.04
ruby=ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client


================================================================================
Error executing action `create` on resource 'acme_certificate[staging]'
================================================================================

RuntimeError
------------
ruby_block[create certificate for gitlab.arego.no] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.arego.no] Validation failed, unable to request certificate

Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:111:in `block (3 levels) in class_from_file'

Resource Declaration:
---------------------
suppressed sensitive resource output

Compiled Resource:
------------------
suppressed sensitive resource output

System Info:
------------
chef_version=14.14.29
platform=ubuntu
platform_version=16.04
ruby=ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client


================================================================================
Error executing action `create` on resource 'letsencrypt_certificate[gitlab.arego.no]'
================================================================================

RuntimeError
------------
acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for gitlab.arego.no] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.arego.no] Validation failed, unable to request certificate

Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:111:in `block (3 levels) in class_from_file'

Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb

5: letsencrypt_certificate site do
6: crt node['gitlab']['nginx']['ssl_certificate']
7: key node['gitlab']['nginx']['ssl_certificate_key']
8: notifies :run, "execute[reload nginx]", :immediate
9: notifies :run, 'ruby_block[display_le_message]'
10: only_if { omnibus_helper.service_up?('nginx') }
11: end

Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:5:in `from_file'

letsencrypt_certificate("gitlab.arego.no") do
action [:create]
updated true
updated_by_last_action true
default_guard_interpreter :default
declared_type :letsencrypt_certificate
cookbook_name "letsencrypt"
recipe_name "http_authorization"
crt "/etc/gitlab/ssl/gitlab.arego.no.crt"
key "/etc/gitlab/ssl/gitlab.arego.no.key"
alt_names ["gitlab.arego.no"]
cn "gitlab.arego.no"
only_if { #code block }
end

System Info:
------------
chef_version=14.14.29
platform=ubuntu
platform_version=16.04
ruby=ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client

Recipe: gitlab::gitlab-rails
  * execute[clear the gitlab-rails cache] action run
    - execute /opt/gitlab/bin/gitlab-rake cache:clear
Recipe: gitlab::gitlab-workhorse
  * runit_service[gitlab-workhorse] action restart (up to date)
Recipe: registry::enable
  * runit_service[registry] action restart (up to date)
Recipe: monitoring::redis-exporter
  * runit_service[redis-exporter] action restart (up to date)
Recipe: monitoring::prometheus
  * runit_service[prometheus] action restart (up to date)
Recipe: monitoring::alertmanager
  * runit_service[alertmanager] action restart (up to date)
Recipe: monitoring::postgres-exporter
  * runit_service[postgres-exporter] action restart (up to date)
Recipe: monitoring::grafana
  * runit_service[grafana] action restart (up to date)

Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[gitlab.arego.no] (letsencrypt::http_authorization line 5) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for gitlab.arego.no] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.arego.no] Validation failed, unable to request certificate

Running handlers complete
Chef Client failed. 317 resources updated in 02 minutes 10 seconds
When I run the system with setting
letsencrypt['enable'] = false
it does start, website is accessible (but of course I get cert errors) and Let's Debug shows that everything should work.
Your documentation tells me that if I received this error, it means:
Your domain’s Certification Authority Authorization (CAA) record does not allow Let’s Encrypt to issue a certificate for your domain
I checked the domain, no CAA limiting records existed at all. Just in case, I did add an issue record for Let's Encrypt. Still no change. And certbot on another server can create a certificate for the main-level domain (arego.no) just fine.
Steps to reproduce
Not sure you can without accessing our server and domain.
What is the current bug behavior?
It fails to start the container, with reconfigure throwing the error shown above.
What is the expected correct behavior?
It should work like it does on my other server with another domain with almost identical configuration.
Relevant logs and/or screenshots
Look at summary
Output of checks
Look at summary
Results of GitLab application Check
Can't run the check as the container fails to launch when I enable letsencrypt.
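The CAA explanation quoted from the documentation can be checked mechanically. The following is an added example, not part of the original issue or of GitLab's code: it evaluates CAA with the RFC 8659 tree climb, where the record set that applies to a host is the one at its closest ancestor that has any CAA records, so a subdomain can be restricted by a parent zone. The names under example.test and every record in `SAMPLE_CAA` are constructed; a real check would query DNS for each ancestor name.

```python
# Added example: CAA evaluation with RFC 8659 tree climbing, run over
# constructed records (every name under example.test is made up).

# name -> list of (flags, tag, value) CAA records, as a resolver would return.
SAMPLE_CAA = {
    "example.test": [
        (0, "issue", "letsencrypt.org"),
        (0, "iodef", "mailto:sec@example.test"),
    ],
    "locked.example.test": [(0, "issue", "ca.invalid")],
    "none.example.test": [(0, "issue", ";")],
    "mailonly.example.test": [(0, "iodef", "mailto:sec@example.test")],
    "future.example.test": [(128, "newtag", "x")],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80  # issuer-critical flag bit


def relevant_caa(fqdn, records):
    """Return (owner, rrset) of the closest ancestor that has CAA records."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        rrset = records.get(name)
        if rrset:
            return name, rrset
    return None, []


def issuer_domain(value):
    """Drop parameters after ';' from an issue value; ';' alone gives ''."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(fqdn, ca_domain, records):
    """Decide whether ca_domain may issue for a non-wildcard fqdn."""
    owner, rrset = relevant_caa(fqdn, records)
    if not rrset:
        return True, "no CAA record set on the name or any ancestor"
    for flags, tag, _ in rrset:
        if flags & CRITICAL and tag.lower() not in KNOWN_TAGS:
            return False, f"unknown critical property {tag!r} at {owner}"
    allowed = [issuer_domain(v) for _, t, v in rrset if t.lower() == "issue"]
    if not allowed:
        return True, f"CAA at {owner} has no issue property"
    if ca_domain.lower() in allowed:
        return True, f"issue property at {owner} names {ca_domain}"
    return False, f"issue properties at {owner} do not name {ca_domain}"


if __name__ == "__main__":
    for host in ("gitlab.example.test", "git.locked.example.test",
                 "none.example.test", "future.example.test"):
        print(host, may_issue(host, "letsencrypt.org", SAMPLE_CAA))
```

CNAME handling is left to the resolver and is not modelled here.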