Lets encrypt error on renewing

Discussion in 'Server Operation' started by Gaston Girardi, Aug 11, 2021.

  1. Gaston Girardi

    Gaston Girardi Member HowtoForge Supporter

    Hi everyone, hope you all are ok and someone can help me with the problem i have.

    I had a Gitlab server that i install using the "How to Install Gitlab on Debian 8 (Jessie)" , everything works fine till the moment my certificate expired, for some reason there's an error when the crtificate is trying to get renewed.

    As a comment i'm running it on debian 10.

    when i run the command "gitlab-ctl reconfigure" i get the following error:
    Code:
    letsencrypt_certificate[gitxxx.mydomain.com] (letsencrypt::http_authorization line 5) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for gitxxx.mydomain.com] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitxxx.mydomain.com] Validation failed, unable to request certificate
    If i check the log for the automated task for the renewal i see this:
    Code:
    # Logfile created on 2021-04-11 04:30:03 -0500 by logger.rb/v1.4.2
    [2021-04-11T04:30:03-05:00] INFO: Started Chef Infra Zero at chefzero://localhost:1 with repository at /opt/gitlab/embedded
      One version per cookbook
    
    [2021-04-11T04:30:03-05:00] INFO: *** Chef Infra Client 15.14.0 ***
    [2021-04-11T04:30:03-05:00] INFO: Platform: x86_64-linux
    [2021-04-11T04:30:03-05:00] INFO: Chef-client pid: 9315
    [2021-04-11T04:30:05-05:00] INFO: Setting the run_list to ["recipe[gitlab::letsencrypt_renew]"] from CLI options
    [2021-04-11T04:30:05-05:00] INFO: Run List is [recipe[gitlab::letsencrypt_renew]]
    [2021-04-11T04:30:05-05:00] INFO: Run List expands to [gitlab::letsencrypt_renew]
    [2021-04-11T04:30:05-05:00] INFO: Starting Chef Infra Client Run for gitkachi.kachimushi.com
    [2021-04-11T04:30:05-05:00] INFO: Running start handlers
    [2021-04-11T04:30:05-05:00] INFO: Start handlers complete.
    [2021-04-11T04:30:06-05:00] INFO: Loading cookbooks [[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], mat$
    [2021-04-11T04:30:10-05:00] INFO: file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/b6nDNEfGAnrdV-Rk6OM13pmI_UESLh4Set_kfu_5EvM] created file /var/opt/gitlab/n$
    [2021-04-11T04:30:10-05:00] INFO: file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/b6nDNEfGAnrdV-Rk6OM13pmI_UESLh4Set_kfu_5EvM] updated file contents /var/opt$
    [2021-04-11T04:30:10-05:00] INFO: file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/b6nDNEfGAnrdV-Rk6OM13pmI_UESLh4Set_kfu_5EvM] owner changed to 0
    [2021-04-11T04:30:10-05:00] INFO: file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/b6nDNEfGAnrdV-Rk6OM13pmI_UESLh4Set_kfu_5EvM] group changed to 0
    [2021-04-11T04:30:10-05:00] INFO: file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/b6nDNEfGAnrdV-Rk6OM13pmI_UESLh4Set_kfu_5EvM] mode changed to 644
    [2021-04-11T04:30:31-05:00] INFO: file[/var/opt/gitlab/nginx/www/.well-known/acme-challenge/b6nDNEfGAnrdV-Rk6OM13pmI_UESLh4Set_kfu_5EvM] deleted file at /var/opt/gitla$
    [2021-04-11T04:30:31-05:00] INFO: Running queued delayed notifications before re-raising exception
    [2021-04-11T04:30:31-05:00] INFO: Running queued delayed notifications before re-raising exception
    [2021-04-11T04:30:31-05:00] INFO: Running queued delayed notifications before re-raising exception
    [2021-04-11T04:30:31-05:00] ERROR: Running exception handlers
    [2021-04-11T04:30:31-05:00] ERROR: Exception handlers complete
    [2021-04-11T04:30:31-05:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out
    [2021-04-11T04:30:31-05:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
    [2021-04-11T04:30:31-05:00] FATAL: RuntimeError: letsencrypt_certificate[gitxxx.mydomain.com] (letsencrypt::http_authorization line 5) had an error: RuntimeError: $
    i've been trying to solve the error but i haven't been very lucky, so i will appreciate any lead.
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Try to update your LE client, whatever LE client that you are currently using; and make sure you are using its version 2 and not 1 for your LE account. Delete the current certs if it is using the old version 1 and request for new certs instead of renewing them.
     

Share This Page