Self-signed CA ignored in 14.0.1-ce

Summary

I have updated my gitlab-ce omnibus instance, running on Ubuntu 20.04.2 LTS, to 14.0.1-ce.0. This gitlab omnibus instance is in a private network; Pages is not behind https, gitlab is behind https. Therefore, a self-signed CA is used. The CA is installed on the system (a simple curl to the gitlab homepage works) and it is added to /etc/gitlab/trusted-certs/. In 13.x it works. In 14.x GitLab Pages reports the following for all calls to the API:

{
  "correlation_id": "01F912NSEXH0KTZQJN4MKNQFT3",
  "error": "Get \"https://gitlab.consapi-atpco.local/api/v4/internal/pages?host=devops.gitlab-pages.consapi-atpco.local/\": x509: certificate signed by unknown authority",
  "host": "devops.gitlab-pages.consapi-atpco.local",
  "level": "error",
  "msg": "could not fetch domain information from a source",
  "path": "/favicon.ico",
  "time": "2021-06-25T07:55:45Z"
}

Steps to reproduce

  • Have a gitlab ce instance on version 13.x
  • Require a self-signed CA to connect to gitlab API
  • Make sure gitlab pages works
  • Upgrade to 14.0.1

What is the current bug behavior?

Gitlab pages fails to connect to gitlab API

What is the expected correct behavior?

it should work

Relevant logs

Details of package version

ii gitlab-ce 14.0.1-ce.0 amd64 GitLab Community Edition (including NGINX, Postgres, Redis)

Environment details

  • Operating System: Ubuntu 20.04.2 LTS
  • Installation Target, remove incorrect values:
    • VM: AWS
  • Installation Type, remove incorrect values:
    • Upgrade from version 13.12.5-ce.0
  • Is there any other software running on the machine: No
  • Is this a single or multiple node installation? single
  • Resources
    • CPU: Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz 8 vCPU
    • Memory total: 16GB

Configuration details

gitlab.rb
external_url "https://gitlab.consapi-atpco.local"
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = OMMITED
gitlab_rails['smtp_port'] = OMMITED
gitlab_rails['smtp_user_name'] = OMMITED
gitlab_rails['smtp_password'] = OMMITED
gitlab_rails['smtp_domain'] = OMMITED
gitlab_rails['smtp_authentication'] = OMMITED
gitlab_rails['smtp_enable_starttls_auto'] = OMMITED
gitlab_rails['smtp_tls'] = false
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = OMMITED
gitlab_rails['gitlab_email_display_name'] = OMMITED
gitlab_rails['gitlab_email_reply_to'] = OMMITED
gitlab_rails['manage_backup_path'] = true
gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_upload_connection'] = OMMITED
gitlab_rails['backup_upload_remote_directory'] = 'gitlab-vega-backup'
gitlab_rails['backup_multipart_chunk_size'] = 104857600
gitlab_rails['registry_enabled'] = false
nginx['enable'] = true
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = OMMITED
nginx['ssl_certificate_key'] = OMMITED
nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
nginx['listen_addresses'] = ['OMMITED.149']
pages_external_url "http://gitlab-pages.consapi-atpco.local/"
gitlab_pages['enable'] = true
gitlab_pages['external_http'] = ['OMMITED:80']
pages_nginx['enable'] = false
letsencrypt['enable'] = false
Edited by Jason Plum