Getting error 403 when trying to set up domain for Gitlab

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: gitlab-ctl reconfigure

It produced this output:

There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: RuntimeError: ruby_block[create certificate for] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [] Validation failed, unable to request certificate, Errors: [{url:, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:unauthorized", "detail"=>" Invalid response from 400", "status"=>403}} ]

My web server is (include version): nginx

The operating system my web server runs on is (include version): Debian 11

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

The 403 is coming from your gitlab instance, so it isn't answering the challenge properly.

It looks like when I try to connect to that your nginx is configured to listen for HTTPS on the HTTP port, which won't work. That suggests to me something is wrong with the nginx configuration.

I see there's a long thread over on the Gitlab forum with various suggestions that may also be of help: LetsEncrypt certificates fail in domain validation - #9 by julhub - Tutorials - GitLab Forum


Thanks, that seems to have helped get rid of the original issue, but now I am getting a "Secure Connection Failed" error on Firefox, has the error code of: SEC_ERROR_REUSED_ISSUER_AND_SERIAL.
Have also now tried in Edge where I can get past the warning but is still warning about an unsecured connection, would this be related to the cert or could this be more of a Gitlab issue?

1 Like

That doesn't make any sense.

Ok, it's just Firefox being Firefox. You're using a self signed certificate and without even randomising the serial number.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.