PROBLEM: I had hosted a GitLab server on Azure and it was not getting autorenewed.
SOLUTION:
1. Check the current SSL cert path:
sudo grep -n "ssl_certificate" /var/opt/gitlab/nginx/conf/gitlab-http.conf
OR
sudo grep -n "ssl_certificate" /etc/gitlab/gitlab.rb
You are likely to see something like this:
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.example.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.example.com.key"
2. In my case, I was using GitLab Let's Encrypt, so I installed certbot.
sudo apt update && sudo apt install certbot -y
3. Obtain Fresh Certificate
sudo gitlab-ctl stop nginx
sudo certbot certonly --standalone -d gitlab.yourdomain.com
sudo gitlab-ctl start nginx
4. Configure GitLab to use the new cert (in /etc/gitlab/gitlab.rb):
external_url "https://gitlab.yourdomain.com"
letsencrypt['enable'] = false
nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
5. Apply and restart
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
6. Set up autorenewal
sudo certbot renew --dry-run
If the dry run fails, edit the renewal file:
sudo nano /etc/letsencrypt/renewal/yourdomain.example.com.conf
Add these lines under [renewalparams]:
pre_hook = gitlab-ctl stop nginx
post_hook = gitlab-ctl start nginx
deploy_hook = gitlab-ctl hup nginx
7. You may need to edit the GitLab config and then reconfigure:
sudo nano /etc/gitlab/gitlab.rb
external_url "https://git-yourdomain.example.com"
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['your-email@example.com']
nginx['redirect_http_to_https'] = true
8. If you are using the GitLab registry as your Docker registry, you may want to add the following to gitlab.rb:
registry_external_url "https://registry.example.com"
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/registry.example.com.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/registry.example.com.key"
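
A check for the renewal file edited in step 6, as an added example that is not part of the original write-up: it flags hook lines that ended up outside [renewalparams] and, when the file uses the standalone authenticator, a missing nginx stop/start hook. The function name check_renewal_conf and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a certbot renewal file for the step 6 hook layout.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_renewal_conf() {
    [ -r "$1" ] || { echo "cannot read $1"; return 1; }
    findings=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        /^[ \t]*\[/ {                           # section header, e.g. [renewalparams]
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key ~ /_hook$/ && section != "renewalparams")
                print key " is outside [renewalparams]"
            if (section == "renewalparams") seen[key] = val
        }
        END {
            # certbot --standalone binds port 80 itself, so nginx must be down
            if (seen["authenticator"] == "standalone") {
                if (seen["pre_hook"] !~ /gitlab-ctl stop nginx/)
                    print "pre_hook does not stop nginx before renewal"
                if (seen["post_hook"] !~ /gitlab-ctl start nginx/)
                    print "post_hook does not start nginx after renewal"
            }
        }' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: hooks pasted above the section header by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cert = /etc/letsencrypt/live/gitlab.yourdomain.com/cert.pem
pre_hook = gitlab-ctl stop nginx
post_hook = gitlab-ctl start nginx
[renewalparams]
authenticator = standalone
EOF
check_renewal_conf "$sample" || echo "fix the file, then: sudo certbot renew --dry-run"
rm -f "$sample"
```

On the server, point it at the file from step 6: check_renewal_conf /etc/letsencrypt/renewal/yourdomain.example.com.conf (run with sudo, since /etc/letsencrypt is root-owned).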