Question

Gitlab site says to configure Gitlab-CE installation, what can I do get back into my site?

Hello,

I have a droplet set up for a while with Gitlab-CE from a one-click install. I believe Gitlab was at 9.2.5 when I created the droplet.

I have tried to keep the droplet up to date, but today I noticed that the site was not working. There was an error about unsecure connection. I have had this issue before, and it was easily fixed by updating my droplet. I went and did that but still could not get into my site.

I checked the Let’s Encrypt certificate to see if it needed to be renewed with sudo certbot renew --dry-run but that showed these errors:

Attempting to renew cert (gitlab.devplateau.com) from /etc/letsencrypt/renewal/gitlab.devplateau.com.conf produced an unexpected error: Failed authorization procedure. gitlab.devplateau.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gitlab.devplateau.com/.well-known/acme-challenge/HSNFfdwytBVlEdmalsrX1gGxfVn3WtNI0YK8Pm6JtPo: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/gitlab.devplateau.com/fullchain.pem (failure)

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/gitlab.devplateau.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: gitlab.devplateau.com
   Type:   unauthorized
   Detail: Invalid response from
   http://gitlab.devplateau.com/.well-known/acme-challenge/HSNFfdwytBVlEdmalsrX1gGxfVn3WtNI0YK8Pm6JtPo:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I have made sure that the A record for gitlab.devplateau.com did not get removed somehow and it is still there. I even removed it and created it again just to be safe.

Can someone please help me get back into my Gitlab site? I have important code saved and would prefer not to have to start the server over.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

mrdevnetMarch 26, 2018

I have the same problem, But still can’t fix it. Are there any idea. Please help us. :(

Jason PetersFebruary 15, 2018

That is quite alright.

If you would like to give it a shot. (backup your Gitlab configuration file)

This is how I run my Gitlab installation - non-bundled NGINX webserver

http://www.creativespacesbysherihannah.com/wp-sys/wp-content/uploads/staircase-before.jpg?TB_iframe=true&width=700&height=351

You will need to install NGINX

wget https://nginx.org/keys/nginx_signing.key -O - | sudo apt-key add -

echo "deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx" > /etc/apt/sources.list.d/nginx.list

apt-get -y update

apt-get -y install nginx

this will install NGINX Mainline

My NGINX configuration looks like this - replace YOUR_SERVER_FQN with your server domain

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}


server {

  listen 0.0.0.0:80;

  server_name YOUR_SERVER_FQN;
  server_tokens off;
  
  location / {
    return 301 https://$http_host$request_uri;    
  }
  
  # Letsencrypt Verification
  #
  location ~ /.well-known {
    root /usr/share/nginx/html;
    allow all;
  } 

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

}


server {

  listen 0.0.0.0:443 ssl;

  server_name YOUR_SERVER_FQDN;
  server_tokens off;

  root /opt/gitlab/embedded/service/gitlab-rails/public; 

  ssl on;
  ssl_certificate /etc/letsencrypt/live/git.YOUR_SERVER_FQN/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/git.YOUR_SERVER_FQN/privkey.pem;
  
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_prefer_server_ciphers on;
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_ecdh_curve secp384r1;

  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;

  ssl_stapling on;
  ssl_stapling_verify on;

  resolver 8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout 5s;
  
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  
  ssl_dhparam /etc/ssl/certs/dhparam.pem;  
  
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }

}
Jason PetersFebruary 13, 2018

Take a look at https://docs.gitlab.com/omnibus/settings/nginx.html#inserting-custom-nginx-settings-into-the-gitlab-server-block - add this to the server block

location ^~ /.well-known/acme-challenge/ {
  default_type "type/plain";
  root /tmp/letsencrypt;
}

issue this command mkdir /tmp/letsencrypt

Restart Gitlab and then try and renew the SSL

… or you can reconfigure gitlab to not use SSL

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up