GitLab on Pi; DNS forward, where to use letsencrypt?


I'm running GitLab on a Raspberry Pi (ad-hoc) and I have a domain ( which forwards towards the Pi via port forwarding. The domain ( is hosted on a VPS and already in place.

My domain is:

I ran this command:
gitlab-ctl reconfigure

It produced this output:
letsencrypt_certificate[] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: RuntimeError: ruby_block[create certificate for] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [] Validation failed, unable to request certificate, Errors: [{url:, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:connection", "detail"=>"Fetching Timeout during connect (likely firewall problem)", "status"=>400}

My web server is (include version):
Raspberry Pi 4B (ad-hoc)

The operating system my web server runs on is (include version):
Raspbian 11 (bullseye)

I can log in to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
GitLab 14.7.0

Let's Encrypt will only initiate the validation on port 80 when using the http-01 challenge (default in a lot of ACME clients), so make sure port 80 is open and, if required, forwarded to the host.

