DevOps Red hat linux

How to Update Third-Party SSL Certificates on GitLab

Prabath ThalangamaComment(0)

Updating third-party SSL certificates on GitLab involves replacing the existing certificate files with the new ones and reconfiguring GitLab. Here’s how to do it

1. Obtain New SSL Certificates

You can use my CSR Generator to generate a CSR and acquire the SSL certificate.

– Acquire the updated SSL certificate and private key from your Certificate Authority (CA).
– Save them on your server in a secure location. For example:

  • /etc/gitlab/ssl/yourdomain.com.crt (certificate)
  • /etc/gitlab/ssl/yourdomain.com.key (private key)
  • /etc/gitlab/ssl/yourdomain.com.ca-bundle (optional, CA bundle if required by your CA)

Ensure the files are owned by root and have appropriate permissions:

sudo chown root:root /etc/gitlab/ssl/yourdomain.com.*
sudo chmod 600 /etc/gitlab/ssl/yourdomain.com.*

2. Update GitLab Configuration

Open the GitLab configuration file for editing:

sudo nano /etc/gitlab/gitlab.rb

Set the external_url to use HTTPS if not already configured:

external_url 'https://yourdomain.com'

If you’re using GitLab’s bundled NGINX, update its SSL settings:

nginx['ssl_certificate'] = "/etc/gitlab/ssl/yourdomain.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/yourdomain.com.key"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem" # Optional

3. Reconfigure GitLab

Apply the changes and reload GitLab:

sudo gitlab-ctl reconfigure

4. Restart GitLab Services

Restart NGINX and other GitLab services:

sudo gitlab-ctl restart

5. Verify the SSL Certificate

Open your GitLab instance in a browser at https://yourdomain.com and confirm the SSL certificate is updated.

6. Optional: Test SSL Configuration

Use tools like SSL Labs’ SSL Test to verify the SSL configuration.

Troubleshooting

  • Permissions Issues: Ensure certificate files have correct permissions and ownership.
  • NGINX Errors: Check logs if NGINX fails to restart: 
    sudo gitlab-ctl tail nginx/gitlab_error.log

Loading

Prabath Thalangama
Web: sysadmin.lk
Email: inbox [at] sysadmin.lk
LinkedIn: https://www.linkedin.com/in/prabatht
Facebook: https://www.facebook.com/prabath.hinoize

Related Articles
Red hat linux Shell scripting

Delete Files Older Than X Days

Prabath Thalangama

Command Syntax find /path/to/files* -mtime +5 -exec rm {} \; Note that there are spaces between rm, {}, and \; This is a very simple tutorial how to find and delete files older than X days. I needed this for a project where i collected some images and after a while they took too much […]

Loading

Sysadmin profile picture
Kubernetes Red hat linux

Deploy NGINX Ingress Controller on AKS Kubernetes using Helm

Prabath Thalangama

Step 1 – Allocate Public IP for Ingress The following command will allocate Public IP : az network public-ip create –resource-group [resource-group] –name [name for public IP] –sku Standard –allocation-method static –query publicIp.ipAddress -o tsv Step 2 – Install NGINX Ingress Controller using Helm An ingress controller, because it is a core component of Kubernetes, […]

Loading
Red hat linux Web Hosting

Installation of KLOXO Hosting Panel with DKIM and SPF

Prabath Thalangama

An easy to follow guide to install DKIM on CentOS 5.x Linux mail servers using qmailtoaster and kloxo/lxadmin. help prevent outgoing emails from your email servers winding up in someone’s spam box. KLOXO instalation guide su – root setenforce 0 su – root yum install -y wget wget http://download.lxcenter.org/download/kloxo/production/kloxo-installer.sh #To install as Master (Default Single […]

Loading

Leave a Reply

Your email address will not be published. Required fields are marked *