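Fixing letsencrypt errors when running GitLab as a Docker image
If a letsencrypt error occurs when running GitLab EE with Docker Engine or Docker Compose,
it can be resolved as follows.
On CentOS 7, GitLab run as a Docker image currently fails to start because of permission or certificate errors (as of 2020.07).
The procedure below can also be applied when a GitLab upgrade fails.
Error details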
Recipe: letsencrypt::http_authorization
* letsencrypt_certificate[gitlab.example.com] action create
* acme_certificate[staging] action create
* file[gitlab.example.com SSL key] action create_if_missing (up to date)
================================================================================
Error executing action `create` on resource 'acme_certificate[staging]'
================================================================================
Acme::Client::Error::RateLimited
--------------------------------
Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/libraries/acme.rb:39:in `acme_client'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/libraries/acme.rb:47:in `acme_order_certs_for'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:76:in `block in class_from_file'
Resource Declaration:
---------------------
suppressed sensitive resource output
Compiled Resource:
------------------
suppressed sensitive resource output
System Info:
------------
chef_version=15.9.17
platform=ubuntu
platform_version=16.04
ruby=ruby 2.6.6p146 (2020-03-31 revision 67876) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
================================================================================
Error executing action `create` on resource 'letsencrypt_certificate[gitlab.example.com]'
================================================================================
Acme::Client::Error::RateLimited
--------------------------------
acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::RateLimited: Error creating new account :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/
Resolution procedure
In the running Docker container, edit the external_url and letsencrypt settings in /etc/gitlab/gitlab.rb (set them for http)
external_url 'http://gitlab.example.com'
#external_url 'https://gitlab.example.com'
# letsencrypt['auto_renew'] = true
# letsencrypt['auto_renew_hour'] = 0
# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
# letsencrypt['auto_renew_day_of_month'] = "*/4"
Re-apply the changed GitLab configuration
bash~# gitlab-ctl reconfigure
Perform whatever actions are needed
Edit the external_url and letsencrypt settings in /etc/gitlab/gitlab.rb again (set them for https)
Re-apply the changed GitLab configuration
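The procedure above as a script, meant to be run inside the GitLab container. This is an added example, not code from the original page or from GitLab. The function names, the backup file, the log path and the reading of "https state" as the uncommented letsencrypt['auto_renew*'] lines are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): run inside the GitLab container.
GITLAB_RB="${GITLAB_RB:-/etc/gitlab/gitlab.rb}"   # path from the page
LOG="${LOG:-/tmp/reconfigure.log}"                # assumed scratch location

# Rewrite the active (uncommented) external_url line to http or https.
set_scheme() {
  case "$2" in http|https) ;; *) echo "scheme must be http or https" >&2; return 2 ;; esac
  sed -i -E "s|^([[:space:]]*external_url[[:space:]]+['\"])https?://|\1$2://|" "$1"
}

# Comment out (off) or restore (on) the letsencrypt['auto_renew*'] lines.
set_auto_renew() {
  case "$2" in
    off) sed -i -E "s|^([[:space:]]*)(letsencrypt\[['\"]auto_renew)|\1# \2|" "$1" ;;
    on)  sed -i -E "s|^([[:space:]]*)#[[:space:]]*(letsencrypt\[['\"]auto_renew)|\1\2|" "$1" ;;
    *)   echo "state must be on or off" >&2; return 2 ;;
  esac
}

# Succeeds if the reconfigure output contains the rate-limit error shown above.
is_rate_limited() {
  grep -q 'Acme::Client::Error::RateLimited' "$1"
}

# Back up gitlab.rb, apply one state, reconfigure, and flag a repeated rate limit.
switch_to() {
  cp -p "$GITLAB_RB" "$GITLAB_RB.bak" || return 1
  if [ "$1" = http ]; then state=off; else state=on; fi
  set_scheme "$GITLAB_RB" "$1" && set_auto_renew "$GITLAB_RB" "$state" || return 1
  gitlab-ctl reconfigure >"$LOG" 2>&1
  if is_rate_limited "$LOG"; then
    echo "Let's Encrypt rate limit still active; stay on http and retry later" >&2
    return 3
  fi
}

# Usage: script.sh http   (first pass)   /   script.sh https   (second pass)
case "${1:-}" in
  http|https) switch_to "$1" ;;
esac
```

Both edits are idempotent, and a commented-out external_url line is left untouched.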
Reference: https://forum.gitlab.com/t/lets-encrypt-error/32357/13