gitlab let's encrypt 갱신 에러

ssl 인증서 갱신이 안되어 https 접근시 에러 발생

Recipe: letsencrypt::http_authorization
  * letsencrypt_certificate[도메인] action create
    * acme_certificate[staging] action create
      * file[도메인 SSL key] action create_if_missing (up to date)

      ================================================================================
      Error executing action `create` on resource 'acme_certificate[staging]'
      ================================================================================

      Acme::Client::Error::Malformed
      ------------------------------
      Method not allowed

      Cookbook Trace:
      ---------------
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:77:in `block in class_from_file'

      Resource Declaration:
      ---------------------
      suppressed sensitive resource output

      Compiled Resource:
      ------------------
      suppressed sensitive resource output

      System Info:
      ------------
      chef_version=14.13.11
      platform=centos
      platform_version=7.6.1810
      ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
      program_name=/opt/gitlab/embedded/bin/chef-client
      executable=/opt/gitlab/embedded/bin/chef-client

 ================================================================================
    Error executing action `create` on resource 'letsencrypt_certificate[도메인]'
    ================================================================================

    Acme::Client::Error::Malformed
    ------------------------------
    acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::Malformed: Method not allowed

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:77:in `block in class_from_file'

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb

      5: letsencrypt_certificate site do
      6:   crt node['gitlab']['nginx']['ssl_certificate']
      7:   key node['gitlab']['nginx']['ssl_certificate_key']
      8:   notifies :run, "execute[reload nginx]", :immediate
      9:   notifies :run, 'ruby_block[display_le_message]'
     10:   only_if { omnibus_helper.service_up?('nginx') }
     11: end

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:5:in `from_file'

    letsencrypt_certificate("도메인") do
      action [:create]
      default_guard_interpreter :default
      declared_type :letsencrypt_certificate
      cookbook_name "letsencrypt"
      recipe_name "http_authorization"
      crt "/etc/gitlab/ssl/도메인.crt"
      key "/etc/gitlab/ssl/도메인"
      alt_names []
      cn "도메인"
      only_if { #code block }
    end

    System Info:
    ------------
    chef_version=14.13.11
    platform=centos
    platform_version=7.6.1810
    ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
    program_name=/opt/gitlab/embedded/bin/chef-client
    executable=/opt/gitlab/embedded/bin/chef-client


Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 07 seconds
There was an error renewing Let's Encrypt certificates, please checkout the output

vim /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb

주석 처리

#  acme_certificate 'staging' do
#    alt_names new_resource.alt_names unless new_resource.alt_names.empty?
#    key_size new_resource.key_size unless new_resource.key_size.nil?
#    group new_resource.group unless new_resource.group.nil?
#    owner new_resource.owner unless new_resource.owner.nil?
#    chain "#{new_resource.chain}-staging" unless new_resource.chain.nil?
#    contact contact_info
#    crt "#{new_resource.crt}-staging"
#    cn new_resource.cn
#    key "#{new_resource.key}-staging"
#    dir 'https://acme-staging-v02.api.letsencrypt.org/directory'
#    wwwroot new_resource.wwwroot
#    sensitive true
#  end

원문 참고 링크

https://gitlab.com/gitlab-org/gitlab/issues/38255
https://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal