Registry NGINX servers will not start if LetsEncrypt is enabled and main NGINX SSL certs are configured
We ran into this in gitlab-com/gl-infra/production#8403 (closed) when LetsEncrypt was enabled in https://gitlab.com/gitlab-com/gl-infra/chef-repo/-/merge_requests/2902/diffs for dev.gitlab.org.
- Set:
    nginx['ssl_certificate'] = "/etc/gitlab/ssl/nginx.crt"
    nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/nginx.key"
- Move the original, valid certs into /etc/gitlab/ssl/nginx.{crt,key}.
- Set letsencrypt['enable'] = false.
- Run gitlab-ctl reconfigure.
I think the error comes from /etc/gitlab/gitlab-registry.conf: the registry NGINX config values default to the LetsEncrypt values in https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/40d2dc1bd00ad69bad9993f043e7b08e91fd6521/files/gitlab-cookbooks/gitlab/libraries/registry.rb#L100-101.
Edited by Stan Hu