Raspberry pi 3 Gitlab Ce Letsencrypt


#1

Hey,
I installed on a Raspberry Pi 3 with Jessi Lite Gitlab Ce (https://about.gitlab.com/downloads/#raspberrypi2), in local network everything works fine. But i can only open GitlabCe with the local ip from Raspberry Pi. I try to connect to GitlabCe over the Internet using http/https, when i try to generate a letsencrypt Certifikate i get the following error:
Failed authorization procedure. gitlab-comeet.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for gitlab-comeet.de, www.gitlab-comeet.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for www.gitlab-comeet.de

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: gitlab-comeet.de
    Type: connection
    Detail: DNS problem: NXDOMAIN looking up A for gitlab-comeet.de

    Domain: www.gitlab-comeet.de
    Type: connection
    Detail: DNS problem: NXDOMAIN looking up A for www.gitlab-comeet.de

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you’re using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

I have no Idea what the problem is, tryed a hole bunch of domain but nothing seems to be working. I opend Port 80 and 443 to the RaspberryPi local IP.


#2

Hi Brenner5

You don’t own the domain gitlab-comeet.de. I checked on godaddy and the domain is still available.

https://au.godaddy.com/domains/searchresults.aspx?checkAvail=1&tmskey=&domainToCheck=gitlab-comeet.de

You are not able to get SSL Certificates for domains you do not own (in fact that is what the whole verification process is about)

Steps:

A) Purchase the domain
B) Point the A records for WWW to the public IP of your Raspberry Pi
C) Perform validation use Lets Encrypt


#3

There’s a problem with your DNS. I cannot find an A record for either gitlab-comeet.de or www.gitlab-comeet.de, do you set A record for them in a public DNS server?

Sneezrys-MBP:~ Sneezry$ dig a www.gitlab-comeet.de

; <<>> DiG 9.8.3-P1 <<>> a www.gitlab-comeet.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42941
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.gitlab-comeet.de.      IN  A

;; AUTHORITY SECTION:
de.         900 IN  SOA f.nic.de. its.denic.de. 2016092557 7200 7200 3600000 7200

;; Query time: 95 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 25 20:53:46 2016
;; MSG SIZE  rcvd: 90

Sneezrys-MBP:~ Sneezry$ dig a gitlab-comeet.de

; <<>> DiG 9.8.3-P1 <<>> a gitlab-comeet.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47597
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;gitlab-comeet.de.      IN  A

;; AUTHORITY SECTION:
de.         900 IN  SOA f.nic.de. its.denic.de. 2016092557 7200 7200 3600000 7200

;; Query time: 646 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sun Sep 25 20:55:01 2016
;; MSG SIZE  rcvd: 86

#4

Ok thanks, i did not registrate the domain! I bought one right now, there i have the option to put a IP to DNS A, do have to put there the IP from my home internet?


#5

Yes you do. It helps to have a static home IP address or you’d be looking at the likes of DynDNS


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.