Gitlab doesn't loads new ssl cert and key

Question

I'm running Gitlab:13.12.15-ce.0 in docker container with my private ssl certs and key. But it's expired few days back and i have updated the .crt and .key files in /etc/gitlab/ssl directory but Gitlab still throws error that my certs are expired with loading old certs.

I have tried updating the cert and key file by following Update the SSL Certificates

I followed these steps to configure certs and key initially:manually-configuring-https

How do i load new updated ssl cert in Gitlab ? Thanks in Advance.

Answer 1

Latest info from the Update the SSL Certificates section in the gitlab docs is that the commands

sudo gitlab-ctl hup nginx
-and-
sudo gitlab-ctl hup registry

are the correct way to gracefully restart nginx after an updated cert has been saved to /etc/gitlab/ssl

It also states that

If the content of your SSL certificates has been updated, but no configuration changes have been made to /etc/gitlab/gitlab.rb, then reconfiguring GitLab doesn’t affect NGINX.

Maybe the advice above about cleaning up the /opt/gitlab/embedded/ssl/certs is similar to making a change to the gitlab.rb file, but I'm not sure messing around in that directory is the right approach nowadays.

Answer 2

From SSL settings, you might need to cleanup /opt/gitlab/embedded/ssl/certs first, putting your new key in /etc/gitlab/trusted-certs, and then run

gitlab-ctl reconfigure

Be warned that running the above command will restart your GitLab server.

That should create the expected symlinks in /opt/gitlab/embedded/ssl/certs and update your SSL cert used by your GitLab instance..