What I did when renewing the Let's Encrypt certificate on GitLab failed
I tried to renew the Let's Encrypt certificate on GitLab
It fails...
$ sudo gitlab-ctl renew-le-certs
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab::letsencrypt_renew"]
Synchronizing Cookbooks:
- postgresql (0.1.0)
- redis (0.1.0)
- registry (0.1.0)
- consul (0.1.0)
- gitaly (0.1.0)
- letsencrypt (0.1.0)
- nginx (0.1.0)
- runit (4.3.0)
- crond (0.1.0)
- package (0.1.0)
- gitlab (0.0.1)
- mattermost (0.1.0)
- acme (3.1.0)
- compat_resource (12.19.1)
Installing Cookbook Gems:
Compiling Cookbooks...
Converging 14 resources
Recipe: letsencrypt::enable
* ruby_block[http external-url] action run (skipped due to only_if)
Recipe: <Dynamically Defined Resource>
* service[nginx] action nothing (skipped due to action :nothing)
Recipe: nginx::enable
* runit_service[nginx] action enable
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* ruby_block[reload_log_service] action nothing (skipped due to action :nothing)
* directory[/opt/gitlab/sv/nginx] action create (up to date)
* template[/opt/gitlab/sv/nginx/run] action create (up to date)
* directory[/opt/gitlab/sv/nginx/log] action create (up to date)
* directory[/opt/gitlab/sv/nginx/log/main] action create (up to date)
* template[/opt/gitlab/sv/nginx/log/run] action create (up to date)
* template[/var/log/gitlab/nginx/config] action create (up to date)
* directory[/opt/gitlab/sv/nginx/env] action create (up to date)
* ruby_block[Delete unmanaged env files for nginx service] action run (skipped due to only_if)
* template[/opt/gitlab/sv/nginx/check] action create (skipped due to only_if)
* template[/opt/gitlab/sv/nginx/finish] action create (skipped due to only_if)
* directory[/opt/gitlab/sv/nginx/control] action create (up to date)
* link[/opt/gitlab/init/nginx] action create (up to date)
* file[/opt/gitlab/sv/nginx/down] action delete (up to date)
* directory[/opt/gitlab/service] action create (up to date)
* link[/opt/gitlab/service/nginx] action create (up to date)
* ruby_block[wait for nginx service socket] action run (skipped due to not_if)
(up to date)
* execute[reload nginx] action nothing (skipped due to action :nothing)
Recipe: letsencrypt::enable
* directory[/etc/gitlab/ssl] action create (up to date)
* acme_selfsigned[サイトドメイン] action create
* file[サイトドメイン SSL selfsigned key] action create_if_missing (up to date)
* file[サイトドメイン SSL selfsigned crt] action create_if_missing (up to date)
* file[サイトドメイン SSL selfsigned chain] action create_if_missing (skipped due to not_if)
(up to date)
Recipe: letsencrypt::http_authorization
* letsencrypt_certificate[サイトドメイン] action create
* acme_certificate[staging] action create
* file[サイトドメイン SSL key] action create_if_missing (up to date)
================================================================================
Error executing action `create` on resource 'acme_certificate[staging]'
================================================================================
Acme::Client::Error::Unauthorized
---------------------------------
No registration exists matching provided key
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/libraries/acme.rb:48:in `acme_authz_for'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:69:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'
Resource Declaration:
---------------------
suppressed sensitive resource output
Compiled Resource:
------------------
suppressed sensitive resource output
System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=18.04
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
================================================================================
Error executing action `create` on resource 'letsencrypt_certificate[サイトドメイン]'
================================================================================
Acme::Client::Error::Unauthorized
---------------------------------
acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: Acme::Client::Error::Unauthorized: No registration exists matching provided key
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/libraries/acme.rb:48:in `acme_authz_for'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:69:in `block (2 levels) in class_from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `map'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/providers/certificate.rb:68:in `block in class_from_file'
Resource Declaration:
---------------------
# In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb
3: letsencrypt_certificate site do
4: fullchain node['gitlab']['nginx']['ssl_certificate']
5: key node['gitlab']['nginx']['ssl_certificate_key']
6: notifies :run, "execute[reload nginx]", :immediate
7: notifies :run, 'ruby_block[display_le_message]'
8: end
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:3:in `from_file'
letsencrypt_certificate("サイトドメイン") do
action [:create]
default_guard_interpreter :default
declared_type :letsencrypt_certificate
cookbook_name "letsencrypt"
recipe_name "http_authorization"
fullchain "/etc/gitlab/ssl/サイトドメイン.crt"
key "/etc/gitlab/ssl/サイトドメイン.key"
alt_names []
cn "サイトドメイン"
end
System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=18.04
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 05 seconds
There was an error renewing Let's Encrypt certificates, please checkout the output
Time to ask Google!
"Acme::Client::Error::Unauthorized"
https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4656
Apparently acme needs to be upgraded
Upgrade it
$ sudo gitlab-ctl upgrade
(Omitted!!!)
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __ \
/ /_/ / / /_/ /___/ /_/ / /_/ /
\____/_/\__/_____/\__,_/_.___/
Upgrade complete! If your GitLab server is misbehaving try running
sudo gitlab-ctl restart
before anything else.
If you need to roll back to the previous version you can use the database
backup made during the upgrade (scroll up for the filename).
A certificate renewal error does occur partway through, but... the module seems to have been updated
Try renewing the certificate again
$ sudo gitlab-ctl renew-le-certs
This time it succeeded without errors.
Just to be safe, restart GitLab at the end
$ sudo gitlab-ctl restart
ok: run: alertmanager: (pid 15088) 0s
ok: run: crond: (pid 15114) 1s
ok: run: gitaly: (pid 15122) 0s
ok: run: gitlab-monitor: (pid 15142) 0s
ok: run: gitlab-workhorse: (pid 15150) 1s
ok: run: logrotate: (pid 15165) 0s
ok: run: nginx: (pid 15172) 1s
ok: run: node-exporter: (pid 15254) 0s
ok: run: postgres-exporter: (pid 15274) 0s
ok: run: postgresql: (pid 15283) 1s
ok: run: prometheus: (pid 15303) 0s
ok: run: redis: (pid 15314) 1s
ok: run: redis-exporter: (pid 15373) 0s
ok: run: sidekiq: (pid 15408) 0s
ok: run: unicorn: (pid 15420) 1s
It is now safely accessible from the browser again.
What a relief
Author And Source
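Regarding this issue (What I did when renewing the Let's Encrypt certificate on GitLab failed), we found more information here: https://qiita.com/kaihei777/items/309efe3892c13b423de1 Author attribution: the original author's information is included in the original URL. Copyright belongs to the original author.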