I had GitLab installed on Ubuntu 14.04. It was failing to renew the Let's Encrypt certificate. I upgraded Ubuntu to 16.04 and then ran apt-get update && apt-get upgrade, but it seems that it didn't upgrade the ACME client to v2, which would allow me to update the certificate. How can I update the certificate?
gitlab-ctl renew-le-certs
results in:
letsencrypt_certificate[elenx.net] (letsencrypt::http_authorization
line 3) had an error: Acme::Client::Error::Unauthorized:
acme_certificate[staging]
(/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb
line 20) had an error: Acme::Client::Error::Unauthorized: Account
creation on ACMEv1 is disabled. Please upgrade your ACME client to a
version that supports ACMEv2 / RFC 8555. See
https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430
for details.
https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4614#note_232009029
Interesting dilemma. We've upgraded the ACME client in !3420 (merged) in GitLab 12.1, but you're blocked from upgrading until you can get a successful reconfigure.
So you need to upgrade to gitlab >= 12.1
1. Turn off letsencrypt: nano /etc/gitlab/gitlab.rb
   a few pages down look for: letsencrypt['enable'] = true
   and set it to false
   then save
2. Upgrade to latest release of your major version
   apt-get upgrade gitlab-ee=11.11.8
3. Run gitlab-ctl reconfigure
4. Upgrade to Gitlab 12
   apt-get upgrade gitlab-ee
5. Run gitlab-ctl reconfigure
6. Reboot
   sudo reboot
7. Return letsencrypt['enable'] = true
   in /etc/gitlab/gitlab.rb
8. Run gitlab-ctl reconfigure
9. Run gitlab-ctl renew-le-certs
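An added example, not part of the original answer or of GitLab's tooling: a shell helper that, given the installed GitLab version and a gitlab.rb path, reports which stage of the procedure above applies. The 12.1 threshold comes from the quoted issue comment; the function names and stage labels are made up for this sketch, and anything other than an explicit letsencrypt['enable'] = false is assumed to still attempt ACME.

```shell
#!/bin/sh
# Added example (not GitLab's code): work out which stage of the procedure a host is at.
ACME_V2_MIN="12.1"   # from the quoted issue comment: ACME client upgraded in GitLab 12.1

# version_ge A B: true when dotted version A >= B; suffixes like "-ee.0" are ignored.
version_ge() {
    va=${1%%[!0-9.]*}; vb=${2%%[!0-9.]*}
    for _i in 1 2 3; do
        xa=${va%%.*}; xb=${vb%%.*}
        [ "${xa:-0}" -gt "${xb:-0}" ] && return 0
        [ "${xa:-0}" -lt "${xb:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 0
}

# le_disabled FILE: true only for an uncommented letsencrypt['enable'] = false.
# Assumption: any other state (true, commented out, absent) may still trigger ACME.
le_disabled() {
    grep -Eq "^[[:space:]]*letsencrypt\['enable'\][[:space:]]*=[[:space:]]*false" "$1"
}

# next_step VERSION GITLAB_RB: print the stage to carry out next (labels are hypothetical).
next_step() {
    if version_ge "$1" "$ACME_V2_MIN"; then
        if le_disabled "$2"; then echo "enable-letsencrypt-and-reconfigure"
        else echo "renew-certs"; fi
    else
        if le_disabled "$2"; then echo "upgrade-gitlab"
        else echo "disable-letsencrypt-first"; fi
    fi
}

# Constructed sample: a gitlab.rb fragment with Let's Encrypt still enabled.
demo_rb=$(mktemp)
printf "%s\n" "external_url 'https://gitlab.example.com'" \
    "letsencrypt['enable'] = true" > "$demo_rb"
next_step "11.11.8-ee.0" "$demo_rb"   # -> disable-letsencrypt-first
next_step "12.1.0" "$demo_rb"         # -> renew-certs
rm -f "$demo_rb"
```

On a real host the version string would come from the package manager, for example dpkg-query -W -f='${Version}' gitlab-ee.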
I faced a similar problem. The steps mentioned by @Ryabchenko are perfect.
I am adding a few more steps.
Remove the old certificates from /etc/gitlab/ssl/ (after step no. 6 in @Ryabchenko's answer)
You are getting an error in line 20. If someone gets an error on line 25, which is
RuntimeError: acme_certificate[staging]
then add the following line in gitlab.rb
nginx['custom_gitlab_server_config'] = "location /.well-known/acme-challenge/ {\n root /var/opt/gitlab/nginx/www/; \n}\n"
Note: I have mentioned the detailed steps here: https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4900#note_292031191