Skip to content

deploy from self-hosted gitlab, building failed due to cert fail. #1215

New issue
New issue
Closed
Closed
deploy from self-hosted gitlab, building failed due to cert fail.#1215
@g05357005

Description

@g05357005
g05357005
opened on Oct 7, 2021

I have a caprover 1.10.0 on centos 7.
one of my app is set to deploy from a self-hosted gitlab, which is using lets encrypt on ssl.

seems facing to letsencrypt's Sep29 root cert problem,
now I can't build from the gitlab webhook.

the caprover log says

captain-captain.1.gpzdf5sqckbl@lineauth    | Error: Cloning into '/captain/temp/image_raw/linebot/157/source_files'...
captain-captain.1.gpzdf5sqckbl@lineauth    | fatal: unable to access '{MY-GITLAB-GIT-REPO-WITH-PASSWORD}': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
captain-captain.1.gpzdf5sqckbl@lineauth    | 
captain-captain.1.gpzdf5sqckbl@lineauth    |     at Object.action (/usr/src/app/node_modules/simple-git/src/lib/plugins/error-detection.plugin.js:30:33)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at PluginStore.exec (/usr/src/app/node_modules/simple-git/src/lib/plugins/plugin-store.js:21:33)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at /usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.js:95:45
captain-captain.1.gpzdf5sqckbl@lineauth    |     at new Promise (<anonymous>)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at GitExecutorChain.handleTaskData (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.js:93:16)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at GitExecutorChain.<anonymous> (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.js:77:46)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at Generator.next (<anonymous>)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at fulfilled (/usr/src/app/node_modules/simple-git/src/lib/runners/git-executor-chain.js:5:58)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at runMicrotasks (<anonymous>)
captain-captain.1.gpzdf5sqckbl@lineauth    |     at processTicksAndRejections (internal/process/task_queues.js:95:5)

The self-hosted gitlab server is using ISRG Root chained to DST Root

Common name: R3
Organization: Let's Encrypt
Location: US
Valid from September 3, 2020 to September 15, 2025
Serial Number: 912b084acf0c18a753f6d62e25a75f5a
Signature Algorithm: sha256WithRSA
EncryptionIssuer: ISRG Root X1 |  
-- | --
Common name: ISRG Root X1
Organization: Internet Security Research Group
Location: US
Valid from January 20, 2021 to September 30, 2024
Serial Number: 4001772137d4e942b8ee76aa3c640ab7
Signature Algorithm: sha256WithRSA
EncryptionIssuer: DST Root CA X3

please advice.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions