Let's Encrypt does not auto renew

Summary

Let's Encrypt doesn't auto renew SSL certificates

Steps to reproduce

I have enabled the auto-renew feature in gitlab.rb with the default date and time, but it does not seem to work. When I run `gitlab-ctl renew-le-certs` manually, I get the same result.

What is the current bug behavior?

(What actually happens)

What is the expected correct behavior?

Auto renew LE certificates

Relevant logs

(Paste any relevant logs.)
(Live log output can be found with `sudo gitlab-ctl tail`.)
(Log files live in `/var/log/gitlab` by default.)

Details of package version

Provide the package version installation details

gitlab-ce-11.3.4-ce.0.el7.x86_64

Environment details

  • Operating System: CentOS 7
  • Installation Target, remove incorrect values:
    • VM: Digital Ocean
  • Installation Type, remove incorrect values:
    • Upgrade from version 10.4.0
  • Is there any other software running on the machine: REPLACE-WITH-DETAILS
  • Is this a single or multiple node installation?
  • Resources
    • CPU: 2 cores
    • Memory total: 8 Gb

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb`

```
external_url 'https://gitlab.xxxxx.com'
gitlab_rails['gitlab_default_can_create_group'] = false
gitlab_rails['gitlab_username_changing_enabled'] = false
gitlab_rails['gitlab_default_projects_features_container_registry'] = false
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['xxxxx@xxxxx.com'] # This should be an array of email addresses to add as contacts
letsencrypt['auto_renew'] = true
gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.mailgun.org"
gitlab_rails['smtp_port'] = 587
gitlab_rails['smtp_authentication'] = "plain"
gitlab_rails['smtp_user_name'] = "xxxxx"
gitlab_rails['smtp_password'] = "xxxxx"
gitlab_rails['gitlab_email_from'] = "xxxxx"
gitlab_rails['gitlab_support_email'] = "xxxxx"
gitlab_rails['incoming_email_enabled'] = true
gitlab_rails['incoming_email_address'] = "xxxxx"
gitlab_rails['incoming_email_email'] = "xxxxx"
gitlab_rails['incoming_email_password'] = 'xxxxx'
gitlab_rails['incoming_email_mailbox_name'] = "inbox" #! The mailbox where incoming mail will end up. Usually "inbox".
gitlab_rails['incoming_email_idle_timeout'] = 60 #! The IDLE command timeout.
gitlab_rails['incoming_email_host'] = "imap.gmail.com" # IMAP server host
gitlab_rails['incoming_email_port'] = 993 # IMAP server port
gitlab_rails['incoming_email_ssl'] = true # Whether the IMAP server uses SSL
gitlab_rails['incoming_email_start_tls'] = false # Whether the IMAP server uses StartTLS
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = true
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "google_oauth2",
    "app_id" => "xxxxx",
    "app_secret" => "xxxxx",
    "args" => { "access_type" => "offline", "approval_prompt" => "auto", "hd" => "xxxxx" }
  }
]
git_data_dirs({ "default" => { "path" => "/mnt/git-data" } })
gitlab_rails['artifacts_enabled'] = true
gitlab_rails['artifacts_path'] = "/mnt/artifacts"
gitlab_rails['lfs_enabled'] = true
gitlab_rails['lfs_storage_path'] = "/mnt/lfs-objects"
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/mnt/backups"
prometheus['enable'] = false
gitlab_monitor['enable'] = false
prometheus_monitoring['enable'] = false
```

Edited by Thanh Tran