I am trying to add SSL/TLS to my static web site. I use GitLab static pages, and Jekyll for content.
I followed these instructions to set up TLS - GitLab tutorial.
I am stuck on this part - I get a 404 error from GitLab Pages:
Once the build finishes, test again if everything is working well:
# Note that we're using the actual domain, not localhost anymore
$ curl http://YOURDOMAIN.org/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
The problem is as follows.
I successfully generated a certificate with the command ./letsencrypt-auto certonly -a manual -d example.com
I created a custom page letsencrypt-setup.html in the root directory with the appropriate content.
I ran the jekyll build command and it created the _site/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.html page.
When I ran the curl command against this page it worked with and without the .html extension - both commands work and return the appropriate value:
curl http://localhost:4000/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
curl http://localhost:4000/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.html
When I commit the changes and push to GitLab, after build and deploy I can fetch the appropriate content only with the second command:
curl http://example.com/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.html
When I ran
curl http://example.com/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
I got a 404 error.
If I press continue in the ./letsencrypt-auto script I also get a 404 error. The tool tries the URL without the .html extension.
I read the comments in the tutorial and tried this workaround, but it didn't work for me.
I have no clue what to try next - I don't have a lot of experience with Jekyll/SSL.
Another solution (as suggested by Marthym) is simply to add a slash to the end of the permalink line:
permalink: /.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM/
In this way, visiting YOURDOMAIN.org/.well-known/acme-challenge/... will redirect you to YOURDOMAIN.org/.well-known/acme-challenge/.../ (note the extra slash) which will have the correct data. It worked flawlessly for me, and I didn't need to update the .gitlab-ci.yml when I switched to a different domain.
What I did was copy the challenge file after the build finished on GitLab, since I could not figure out how to make Jekyll omit the file extension.
My .gitlab-ci.yml file:
image: ruby:2.3

pages:
  script:
    - gem install jekyll
    - jekyll build -d public
    # Use this when creating a new letsencrypt cert, since jekyll adds .html to the file and letsencrypt does not expect a .html extension
    - cp ./public/.well-known/acme-challenge/HASHFILE-FROM-LETSENCRYPT.html ./public/.well-known/acme-challenge/HASHFILE-FROM-LETSENCRYPT
  artifacts:
    paths:
      - public
  only:
    - master
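
A generalisation of the copy step above, as an added example that is not part of the original question or answers: instead of hard-coding one file name, it publishes an extensionless copy of every challenge page Jekyll built and refuses any page whose body is not a bare ACME HTTP-01 key authorization (`TOKEN.THUMBPRINT`, base64url characters only), which catches a Jekyll layout wrapping the response in HTML. The function name `publish_acme_challenges` is hypothetical; the `public` output directory is taken from the answer above.

```shell
#!/bin/sh
# Added example (not from the original answers).
# Assumption: Jekyll wrote the site to DIR, e.g. "public" as in the CI file above.

# publish_acme_challenges DIR
# For every DIR/.well-known/acme-challenge/TOKEN.html, write a file named
# TOKEN (no extension) beside it containing the bare key authorization.
# Returns 0 if all pages were valid, 1 if any page was rejected,
# 2 if the challenge directory does not exist.
publish_acme_challenges() {
    dir="$1/.well-known/acme-challenge"
    rc=0
    [ -d "$dir" ] || { echo "no challenge directory: $dir" >&2; return 2; }

    for page in "$dir"/*.html; do
        [ -f "$page" ] || continue            # glob matched nothing
        token=$(basename "$page" .html)
        # Drop whitespace so a trailing newline does not affect the checks.
        body=$(tr -d ' \t\r\n' < "$page")

        case "$body" in
            *[!A-Za-z0-9._-]*)
                # Markup or other non-base64url characters: a layout leaked in.
                echo "rejected $page: unexpected characters in body" >&2
                rc=1
                ;;
            "$token".?*)
                # Body is TOKEN.<thumbprint>; publish it without the extension.
                printf '%s' "$body" > "$dir/$token"
                ;;
            *)
                echo "rejected $page: body does not start with its token" >&2
                rc=1
                ;;
        esac
    done
    return $rc
}
```

In the CI job this would run right after `jekyll build -d public`, as `publish_acme_challenges public`, so a rejected page fails the pipeline before the validation request is made.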