Cloning returns "SSL certificate problem: unable to get local issuer certificate" (#9443) · Issues · gpt / large_projects / gitlabhq1

Cloning returns "SSL certificate problem: unable to get local issuer certificate"

Created by: kminehart

My gitlab.rb: (I got rid of all of the comments to clean it up.)

## Url on which GitLab will be reachable.
## For more details on configuring external_url see:
## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
external_url 'https://example.com:6443'


## Note: configuration settings below are optional.
## Uncomment and change the value.
############################
# gitlab.yml configuration #
############################
gitlab_rails['gitlab_email_from'] = 'gitlab@example.com'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'


################################
# GitLab email server settings #
################################

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "localhost"
gitlab_rails['smtp_port'] = 456
gitlab_rails['smtp_user_name'] = "gitlab@example.com"
gitlab_rails['smtp_password'] = "O5WNASInGW"
gitlab_rails['smtp_domain'] = "example.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true

################
# gitlab-shell #
################

# gitlab_shell['audit_usernames'] = false
gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/certs/cert.pem', ca_path: '/etc/pki/tls/certs/gitlab', self_signed_cert: false}
gitlab_shell['log_level'] = 'DEBUG'
# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"

##################
# GitLab Unicorn #
##################
unicorn['port'] = 6080

################
# GitLab Nginx #
################
## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/629def0a7a26e7c2326566f0758d4a27857b52a3/doc/settings/nginx.md
nginx['ssl_certificate'] = "/home/admin/conf/web/ssl.example.com.crt"
nginx['ssl_certificate_key'] = "/home/admin/conf/web/ssl.example.com.key"

the ssl.example.com.crt / ca / key / pem is a signed certificate issued by a CA, not a self-signed certificate.

/etc/ssl/certs/cert.pem is the a copied / pasted one

The contents of "/etc/pki/tls/certs/gitlab is:

[root@example gitlab]# ls /etc/pki/tls/certs/gitlab
cert.ca  cert.crt  cert.key  cert.pem  COMODORSAAddTrustCA.crt  COMODORSADomainValidationSecureServerCA.crt  externalCAroot.crt

and it appears to me that the https connection between any browser I've tried and nginx is successful, I'm still not sure why git doesn't like my certificates.

I've tried using the .key instead of the .pem, I've tried using the crt instead, I've tried manually configuring /var/opt/gitlab/gitlab-shell/config.yml with every crt, ca, .pem, and .key. I've got nothing else to try. I'm running gittlab-ctl reconfigure every time I change gitlab.rb, too.