Support custom ACME server for Let's Encrypt integration
Summary
We run a GitLab instance that is only accessible from LAN, so we can't use regular Let's Encrypt. Instead we run our own ACME server (via step-ca) that creates certs derived from our company's root cert. We got it running with our other services but omnibus-gitlab does not support configuring which server to use.
Proposal
Add an option letsencrypt['dir'] (to match the name that the acme_certificate resource uses), letsencrypt['directory'], letsencrypt['server'] or letsencrypt['acme_server'], whichever name you prefer. Use that option in files/gitlab-cookbooks/letsencrypt/resources/certificate.rb around line 55. The default value should be the regular Let's Encrypt production server.
References
- step-ca blog post on how to set up a private ACME server, includes instructions on how to configure most client libraries.
Edited by dfyx
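
An added sketch, not part of the original issue or of omnibus-gitlab's code: one way a configurable directory option could be resolved with the Let's Encrypt production default, and checked before it is handed to the ACME client. The helper names, the use of 'dir' as the key, and the sample directory document are assumptions made for illustration.

```ruby
require 'json'
require 'uri'

# Let's Encrypt production ACME v2 directory, used when no override is set.
LE_PRODUCTION_DIRECTORY = 'https://acme-v02.api.letsencrypt.org/directory'

# Directory fields an RFC 8555 client needs in order to issue a certificate.
REQUIRED_DIRECTORY_KEYS = %w[newNonce newAccount newOrder].freeze

# Hypothetical helper: pick the directory URL from a settings hash shaped like
# the letsencrypt[...] block in gitlab.rb. 'dir' is the key name assumed here.
def resolve_acme_directory(settings)
  raw = settings['dir'].to_s.strip
  return LE_PRODUCTION_DIRECTORY if raw.empty?

  uri = begin
    URI.parse(raw)
  rescue URI::InvalidURIError
    raise ArgumentError, "not a valid URL: #{raw.inspect}"
  end
  # Account registration and order traffic should never go over plain HTTP.
  unless uri.is_a?(URI::HTTPS) && uri.host && !uri.host.empty?
    raise ArgumentError, "ACME directory must be an https:// URL: #{raw.inspect}"
  end
  raise ArgumentError, 'credentials in the directory URL are not allowed' if uri.userinfo

  uri.to_s
end

# Hypothetical check of a fetched directory document: returns the required
# keys that are missing or do not point at an https:// endpoint.
def missing_directory_keys(body)
  doc = JSON.parse(body)
  return REQUIRED_DIRECTORY_KEYS.dup unless doc.is_a?(Hash)

  REQUIRED_DIRECTORY_KEYS.reject { |k| doc[k].is_a?(String) && doc[k].start_with?('https://') }
rescue JSON::ParserError
  REQUIRED_DIRECTORY_KEYS.dup
end

# Constructed sample of a private CA's directory response (not real output).
SAMPLE_DIRECTORY = <<~JSON
  {"newNonce": "https://ca.internal.example/acme/acme/new-nonce",
   "newAccount": "https://ca.internal.example/acme/acme/new-account",
   "newOrder": "https://ca.internal.example/acme/acme/new-order",
   "revokeCert": "https://ca.internal.example/acme/acme/revoke-cert"}
JSON
```

With a private CA, the host running the ACME client also has to trust the company root certificate, otherwise the HTTPS connection to the directory fails validation.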