Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.mydomain.com/xxx.git/': SSL certificate problem: unable to get issuer certificate

Tags:

certificate

ssl-certificate

x509certificate

kubernetes

gitlab-ci-runner

I am not able to have a successful run of the autodevops pipeline. I have gone through multiple tutorials, guides, issues, fixes, workarounds but I now reached a point where I need your support.

I have a home kubernetes cluster (two VMs) and a GitLab server using HTTPS. I have set up the cluster and defined it in a GitLab group level (helm, ingress, runner installed). I have to do few tunings to be able to make the runner register in gitlab (it was not accepting the certificate initially).

Now when I run the autodevops pipeline, I get an error in the logs as below:

Running with gitlab-runner 11.9.0 (692ae235)
  on runner-gitlab-runner-5976795575-8495m cwr6YWh8
Using Kubernetes namespace: gitlab-managed-apps
Using Kubernetes executor with image registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image/master:stable ...
Waiting for pod gitlab-managed-apps/runner-cwr6ywh8-project-33-concurrent-0q7bdk to be running, status is Pending
Running on runner-cwr6ywh8-project-33-concurrent-0q7bdk via runner-gitlab-runner-5976795575-8495m...
Initialized empty Git repository in /testing/helloworld/.git/
Fetching changes...
Created fresh repository.
fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.mydomain.com/testing/helloworld.git/': SSL certificate problem: unable to get issuer certificate

I have tried many workarounds like adding the CA certificate of my domain under /home/gitlab-runner/.gitlab-runner/certs/gitlab.mydomain.com.crt but still no results.

like image 949
Sofien Fekih Avatar asked Jun 02 '19 00:06

Sofien Fekih

2 Answers

Your error occurs when a self-signed certificate can't be verified.

Another workaround than adding CA certificate is forcing git to not perform the validation of the certificate using the global option:

$ git config --global http.sslVerify false

like image 111
Malgorzata Avatar answered Oct 13 '22 00:10

Malgorzata

There is a list of solutions for this problem presented here: https://gitlab.com/gitlab-org/gitlab-runner/issues/2659

The most likely but crude solution is: open /etc/gitlab-runner/config.toml and modify as follows:

[[runners]]

environment = ["GIT_SSL_NO_VERIFY=true"]

Then restart the gitlab runner.

like image 24
aleksander_si Avatar answered Oct 12 '22 23:10

aleksander_si
Sign in to Comment

Related questions

Enabling net.ipv4.ip_forward for a container
How to run docker image in Kubernetes pod?
Troubleshooting minikube
nginx won't resolve hostname in K8S [duplicate]
Do I need Docker for Kubernetes?
Is there a way to serve external URLs from nginx-kubernetes ingress?
kubectl run with env var from a secret config
Kubernetes + Minikube - How to see all stdout output?
Kubernetes Yaml Generator UI , yaml builder for kubernetes [closed]
Kubernetes / Rancher 2, mongo-replicaset with Local Storage Volume deployment
Forbidden to access Kubernetes API Server
MountVolume.SetUp failed for volume "realm-secret" : secrets "realm-secret" not found
How to list all kubernetes objects with specific label using client-go
Cannot create a deployment that requests more than 2Gi memory
K8s: why is there no easy way to get notifications if a pod becomes unhealthy and is restarted?
PostgreSQL in Helm: initdbScripts Parameter
How can I expose a Statefulset with a load balancer?
How to configure nginx.ingress.kubernetes.io/rewrite-target and spec.rules.http.paths.path to satisfy the following URI patterns
Why does kubeadm not start even after disabling swap?
Airflow - ModuleNotFoundError: No module named 'kubernetes'

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!