
How to Update Third-Party SSL Certificates on GitLab

Updating third-party SSL certificates on GitLab involves replacing the existing certificate files with the new ones and reconfiguring GitLab. Here’s how to do it:

1. Obtain New SSL Certificates

You can use my CSR Generator to generate a CSR and acquire the SSL certificate.

– Acquire the updated SSL certificate and private key from your Certificate Authority (CA).
– Save them on your server in a secure location. For example:

  • /etc/gitlab/ssl/yourdomain.com.crt (certificate)
  • /etc/gitlab/ssl/yourdomain.com.key (private key)
  • /etc/gitlab/ssl/yourdomain.com.ca-bundle (optional, CA bundle if required by your CA)

Ensure the files are owned by root and have appropriate permissions:

sudo chown root:root /etc/gitlab/ssl/yourdomain.com.*
sudo chmod 600 /etc/gitlab/ssl/yourdomain.com.*

2. Update GitLab Configuration

Open the GitLab configuration file for editing:

sudo nano /etc/gitlab/gitlab.rb

Set the external_url to use HTTPS if not already configured:

external_url 'https://yourdomain.com'

If you’re using GitLab’s bundled NGINX, update its SSL settings:

nginx['ssl_certificate'] = "/etc/gitlab/ssl/yourdomain.com.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/yourdomain.com.key"
nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem" # Optional

3. Reconfigure GitLab

Apply the changes and reload GitLab:

sudo gitlab-ctl reconfigure

4. Restart GitLab Services

Restart NGINX and other GitLab services:

sudo gitlab-ctl restart

5. Verify the SSL Certificate

Open your GitLab instance in a browser at https://yourdomain.com and confirm the SSL certificate is updated.

6. Optional: Test SSL Configuration

Use tools like SSL Labs’ SSL Test to verify the SSL configuration.

Troubleshooting

  • Permissions Issues: Ensure certificate files have correct permissions and ownership.
  • NGINX Errors: Check logs if NGINX fails to restart:
    sudo gitlab-ctl tail nginx/gitlab_error.log
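
A pre-flight check to run against the new files before step 3, added here as an example (not part of the original post): it confirms that the certificate matches the private key, is not close to expiry, and covers the hostname. The function name check_cert_pair, its return codes and the 14-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_cert_pair, its return
# codes and the 14-day default are assumptions made for this illustration.
#
# Usage: check_cert_pair CERT KEY HOST [MIN_DAYS]
# Returns 0 only if all three checks pass.
check_cert_pair() {
    crt=$1; key=$2; host=$3; min_days=${4:-14}

    # 1. The public key inside the certificate must equal the public key
    #    derived from the private key (works for both RSA and EC keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $crt" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) ||
        { echo "FAIL: cannot parse private key $key" >&2; return 2; }
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match" >&2
        return 3
    fi

    # 2. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 4
    fi

    # 3. -checkhost only prints its verdict, so match on the output text.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match"; then
        echo "FAIL: certificate does not cover $host" >&2
        return 5
    fi

    echo "OK: $crt matches $key, covers $host, valid > $min_days days"
}

# Run directly: sh check_cert.sh /etc/gitlab/ssl/yourdomain.com.crt \
#                  /etc/gitlab/ssl/yourdomain.com.key yourdomain.com
if [ "$#" -ge 3 ]; then
    check_cert_pair "$@"
    exit $?
fi
```

A non-zero result here means the new files should not be put in place yet; a certificate that does not match its key is one reason NGINX refuses to start after a renewal.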
