Gitlab on Pi; DNS forward, where to use letsencrypt?

Hi,

I'm running Gitlab on a Raspberry Pi (ad-hoc) and I have a domain (https://git.runtrainer.com:1234) which forwards towards the Pi via port forwarding. The domain (runtrainer.com) is hosted on a VPS and already in place.

My domain is:
https://git.runtrainer.com:1234

I ran this command:
gitlab-ctl reconfigure

It produced this output:
letsencrypt_certificate[git.runtrainer.com] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: RuntimeError: ruby_block[create certificate for git.runtrainer.com] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [git.runtrainer.com] Validation failed, unable to request certificate, Errors: [{url: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/1579628508/iyQynQ, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:connection", "detail"=>"Fetching http://git.runtrainer.com/.well-known/acme-challenge/CrwFdPNZDuHZYnfyL668JQmLcVJCczv0LOtTqDO_Nt0: Timeout during connect (likely firewall problem)", "status"=>400}

My web server is (include version):
Raspberry Pi 4B (ad-hoc)

The operating system my web server runs on is (include version):
Raspbian 11 (bullseye)

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
GitLab 14.7.0

Let's Encrypt will only initiate the validation on port 80 when using the http-01 challenge (default in a lot of ACME clients), so make sure port 80 is open and, if required, forwarded to the host.

4 Likes
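As an added illustration of the reply above (not code from the thread or from GitLab): the sketch below pulls the validation URL out of an ACME error and probes it the way the http-01 check would, on port 80 regardless of the port the site is published on. The function names, the `git.example.com` host and the placeholder token are assumptions made for this example.

```python
import re
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed error excerpt, same shape as the one in the post (placeholder host and token).
SAMPLE_ERROR = ('"detail"=>"Fetching http://git.example.com/.well-known/acme-challenge/'
                'TOKEN_PLACEHOLDER: Timeout during connect (likely firewall problem)"')

def challenge_target(error_text):
    """Return (host, port, path) of the URL the CA tried to fetch for http-01."""
    m = re.search(r"Fetching (http://[^/\s]+/\.well-known/acme-challenge/[\w-]+)", error_text)
    if not m:
        raise ValueError("no http-01 challenge URL in error text")
    parts = urlsplit(m.group(1))
    return parts.hostname, parts.port or 80, parts.path

def probe(host, path, port=80, timeout=5.0):
    """Classify how far a request for the challenge path gets."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except socket.timeout:
        return "timeout"        # packets dropped: port not open or not forwarded
    except ConnectionRefusedError:
        return "refused"        # host reached, nothing listening on the port
    except OSError:
        return "unreachable"    # DNS or routing failure
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env
    try:
        with opener.open(f"http://{host}:{port}{path}", timeout=timeout) as resp:
            return f"http-{resp.status}"
    except urllib.error.HTTPError as exc:
        return f"http-{exc.code}"   # server answered; 404 is normal without a live challenge
    except (urllib.error.URLError, OSError):
        return "http-error"

if __name__ == "__main__":
    host, port, path = challenge_target(SAMPLE_ERROR)
    print(host, port, path)          # port is 80, whatever port the site itself uses
    print(probe(host, path, port))
```

Run the probe from a machine outside the home network: a request made from inside the LAN may never cross the router's port forward, so it can succeed while the CA's request still times out.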
