Skip to content

Workspace doesn't start when using a GitLab certificate that is signed by internal CA

Summary

Workspace init container has code to clone the project repository. It fails with certificate error for self-signed certificates.

Steps to reproduce

  1. Use self-signed certificate for GitLab
  2. Create a workspace using agent
  3. Workspace will fail and init container logs show cloning failure:
2024-11-20T14:49:31.731036869-05:00 stdout F Cloning project
2024-11-20T14:49:31.733553099-05:00 stderr F Cloning into '/projects/<PROJECT_NAME>'...
2024-11-20T14:49:31.782969338-05:00 stderr F fatal: unable to access 'https://gitlab.example.com/<PATH_TO_PROJECT>.git/': SSL peer certificate or SSH remote key was not OK
2024-11-20T14:49:31.785496921-05:00 stdout F Project cloning failed with exit code: 128

Example Project

What is the current bug behavior?

Workspace cannot clone project when GitLab is using self-signed certificate

What is the expected correct behavior?

Workspace should be able to clone when GitLab server is using self-signed certificate

Relevant logs and/or screenshots

2024-11-20T14:49:31.731036869-05:00 stdout F Cloning project
2024-11-20T14:49:31.733553099-05:00 stderr F Cloning into '/projects/<PROJECT_NAME>'...
2024-11-20T14:49:31.782969338-05:00 stderr F fatal: unable to access 'https://gitlab.example.com/<PATH_TO_PROJECT>.git/': SSL peer certificate or SSH remote key was not OK
2024-11-20T14:49:31.785496921-05:00 stdout F Project cloning failed with exit code: 128

Output of checks

GitLab version 17.5.0

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

Edited by 🤖 GitLab Bot 🤖