gitlab letsencrypt http_authorization error
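I recently installed Gitlab CE on my Ubuntu server. The domain I want to run Gitlab on is https://git.mydomain.com (this is an example URL), so I preferred to use Let's Encrypt to enable SSL on the server.
At the end of the installation, I got this error: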
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[git.mydomain.com] (letsencrypt::http_authorization line 5) had an error: Acme::Client::Error::Malformed: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::Malformed: Method not allowed
I have read many pages looking for a solution, but none of them worked. Can you help me activate SSL on this Gitlab instance?
This is not a problem limited to your case.
The recent (December 2019) gitlab-org/gitlab issue 38255 (now gitlab-org/omnibus-gitlab issue 4900) describes the same problem, for many people.
For others who may face the same problem, you should comment out all the block mentioned by @Azylog, including the acme_certificate 'staging' and end lines.
But it's a serious lack of conformity to the Let's Encrypt announcements. If method is not changed to POST-as-GET before November 1st, 2020, even the production certificate won't be issued and this workaround won't be any use.
This is related to "ACME v2 - Scheduled deprecation of unauthenticated resource GETs", which took effect yesterday.
After Dec 4th, unauthenticated HTTP GET requests to ACME v2 resource URLs will return HTTP status code of 405 “method not allowed” and a body containing a JSON problem with type “urn:ietf:params:acme:error:malformed”.
POST-as-GET requests authenticated by a signature from an account other than the creating account will return an HTTP status code of 403 “forbidden” and a body containing a JSON problem with type “urn:ietf:params:acme:error:unauthorized”.
Note: unixcharles/acme-client 2.0.5 will use POST-as-GET, which should fix this issue.
Merge request 3782 shows that the next release of GitLab Omnibus, 12.6, will use acme-client 2.0.5.
This will be backported to the next releases of 12.2.x to 12.5.x.
Current workaround, proposed by Ahmed Mo7eb :: أحمد محب:
- delete old certificate from ssl folder
- install Certbot "manually" (# sudo certbot certonly -a manual) &
  (You must make port 80 and 443 available in firewall)
- write your Domain name in order
- go to: /var/opt/gitlab/nginx/www/.well-known/acme-challenge/
  "Create file with the name that appeared"
- press Enter
- Congratulation!
Update January 2020: this should work with GitLab 12.6.2.
Patching certificate.rb is no longer necessary.
Mohammad Saberi adds (January 15, more than a month later):
Finally, I could activate LetsEncrypt SSL on Gitlab 12.6.4, but with disabling staging part of certificate.rb.
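What the POST-as-GET change described in the answer above amounts to on the wire, as an added example (not code from the original answers, GitLab or acme-client): per RFC 8555 section 6.3 the client POSTs a JWS with an empty payload signed by the account key, instead of sending a bare GET. The account URL, nonce, resource URL and all helper names here are constructed for illustration.

```ruby
require 'openssl'
require 'json'

# Base64url without padding, as JWS requires.
def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m0')
end

# Build the body of a POST-as-GET request. The protected header binds the
# request to one account (kid), a fresh nonce and the exact resource URL.
def post_as_get_body(key:, kid:, nonce:, url:)
  header = b64url(JSON.generate({ alg: 'RS256', kid: kid, nonce: nonce, url: url }))
  payload = '' # the empty payload is what makes this a POST-as-GET
  signature = key.sign(OpenSSL::Digest.new('SHA256'), "#{header}.#{payload}")
  JSON.generate({ protected: header, payload: payload, signature: b64url(signature) })
end

# Server-side view: accept only an empty payload with a valid signature.
def valid_post_as_get?(body, account_key)
  jws = JSON.parse(body)
  return false unless jws['payload'] == ''
  account_key.verify(OpenSSL::Digest.new('SHA256'),
                     b64url_decode(jws['signature']),
                     "#{jws['protected']}.#{jws['payload']}")
end

# Map the two responses quoted in the announcement to their cause.
def diagnose(status, problem_json)
  case [status, JSON.parse(problem_json)['type']]
  when [405, 'urn:ietf:params:acme:error:malformed']
    :unauthenticated_get     # client predates POST-as-GET
  when [403, 'urn:ietf:params:acme:error:unauthorized']
    :wrong_account_signature # signed by an account other than the creator
  else
    :other
  end
end
```

The 405 "Method not allowed" in the question's `gitlab-ctl reconfigure` output is the first case: the bundled client was still issuing plain GETs.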
A workaround is described in
Modify /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb and comment out the staging part (lines 25 to 38).
Works for me (tm).
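Our problem was different, but the error was the same
(in my case, the letsencrypt certificate had expired and the renewal process was broken on GitLab 12.2.5-ee.0).
What we did was...
- Upgrade to the latest version of Gitlab (current stable version: 12.7.6-ee.0)
- Edit gitlab.rb
- Delete the old certificates
- Reconfigure the GitLab server
I wrote the detailed steps here: https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4900#note_292031191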