Let's Encrypt does not auto renew
Summary
Let's Encrypt doesn't auto renew SSL certificates
Steps to reproduce
I have enabled auto renew feature in gitlab.rb
with date time default but it seem not works. When I run manual gitlab-ctl renew-le-certs
that I got the same result.
What is the current bug behavior?
(What actually happens)
What is the expected correct behavior?
Auto renew LE certificates
Relevant logs
Relevant logs
(Paste any relevant logs.) (Live log output can be found with `sudo gitlab-ctl tail`.) (Log files live in `/var/log/gitlab` by default.)
Details of package version
Provide the package version installation details
gitlab-ce-11.3.4-ce.0.el7.x86_64
Environment details
- Operating System:
CentOS 7
- Installation Target, remove incorrect values:
- VM: Digital Ocean
- Installation Type, remove incorrect values:
- Upgrade from version
10.4.0
- Upgrade from version
- Is there any other software running on the machine:
REPLACE-WITH-DETAILS
- Is this a single or multiple node installation?
- Resources
- CPU:
2 cores
- Memory total:
8 Gb
- CPU:
Configuration details
Provide the relevant sections of `/etc/gitlab/gitlab.rb`
external_url 'https://gitlab.xxxxx.com' gitlab_rails['gitlab_default_can_create_group'] = false gitlab_rails['gitlab_username_changing_enabled'] = false gitlab_rails['gitlab_default_projects_features_container_registry'] = false letsencrypt['enable'] = true letsencrypt['contact_emails'] = ['xxxxx@xxxxx.com'] # This should be an array of email addresses to add as contacts letsencrypt['auto_renew'] = true gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)" gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "smtp.mailgun.org" gitlab_rails['smtp_port'] = 587 gitlab_rails['smtp_authentication'] = "plain" gitlab_rails['smtp_user_name'] = "xxxxx" gitlab_rails['smtp_password'] = "xxxxx" gitlab_rails['gitlab_email_from'] = "xxxxx" gitlab_rails['gitlab_support_email'] = "xxxxx" gitlab_rails['incoming_email_enabled'] = true gitlab_rails['incoming_email_address'] = "xxxxx" gitlab_rails['incoming_email_email'] = "xxxxx" gitlab_rails['incoming_email_password'] = 'xxxxx' gitlab_rails['incoming_email_mailbox_name'] = "inbox" #! The mailbox where incoming mail will end up. Usually "inbox". gitlab_rails['incoming_email_idle_timeout'] = 60 #! The IDLE command timeout. gitlab_rails['incoming_email_host'] = "imap.gmail.com" # IMAP server host gitlab_rails['incoming_email_port'] = 993 # IMAP server port gitlab_rails['incoming_email_ssl'] = true # Whether the IMAP server uses SSL gitlab_rails['incoming_email_start_tls'] = false # Whether the IMAP server uses StartTLS gitlab_rails['omniauth_enabled'] = true gitlab_rails['omniauth_allow_single_sign_on'] = true gitlab_rails['omniauth_block_auto_created_users'] = false gitlab_rails['omniauth_providers'] = [ { "name" => "google_oauth2", "app_id" => "xxxxx", "app_secret" => "xxxxx", "args" => { "access_type" => "offline", "approval_prompt" => "auto", "hd" => "xxxxx" } } ] git_data_dirs({ "default" => { "path" => "/mnt/git-data" } }) gitlab_rails['artifacts_enabled'] = true gitlab_rails['artifacts_path'] = "/mnt/artifacts" gitlab_rails['lfs_enabled'] = true gitlab_rails['lfs_storage_path'] = "/mnt/lfs-objects" gitlab_rails['manage_backup_path'] = true gitlab_rails['backup_path'] = "/mnt/backups" prometheus['enable'] = false gitlab_monitor['enable'] = false prometheus_monitoring['enable'] = false