I used this command to generate a certificate for git.sky-echo.space; the output is below as well:
./certbot-auto certonly -d git.sky-echo.space
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for git.sky-echo.space
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/git.sky-echo.space/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/git.sky-echo.space/privkey.pem
Your cert will expire on 2020-04-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew all of your certificates, run
“certbot-auto renew”
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Maybe simply a hard machine reboot is needed in order for the certificate to show in the browser? I usually restart the GitLab services with this command (but it now does not activate the SSL certificate):
sudo gitlab-ctl restart
ok: run: alertmanager: (pid 3310) 1s
ok: run: crond: (pid 3317) 0s
ok: run: gitaly: (pid 3328) 1s
ok: run: gitlab-monitor: (pid 3333) 0s
ok: run: gitlab-workhorse: (pid 3340) 0s
ok: run: logrotate: (pid 3352) 1s
ok: run: nginx: (pid 3359) 1s
ok: run: node-exporter: (pid 3366) 0s
ok: run: postgres-exporter: (pid 3408) 1s
ok: run: postgresql: (pid 3523) 0s
ok: run: prometheus: (pid 3526) 0s
ok: run: redis: (pid 3532) 0s
ok: run: redis-exporter: (pid 3537) 0s
ok: run: sidekiq: (pid 3557) 0s
ok: run: unicorn: (pid 3574) 1s
The second domain, with a different IP address (sky-echo.space), is a DNS from Gandi, without a working webserver from our side. Perhaps this domain doesn’t have to have a working SSL certificate? Our goal is just to have a working SSL certificate on the git.sky-echo.space domain.