Linux

GitLab Let's Encrypt renewal error

CHOMAN 2020. 1. 7. 12:50

The SSL certificate fails to renew, so accessing the site over HTTPS produces an error.

Recipe: letsencrypt::http_authorization
  * letsencrypt_certificate[도메인] action create
    * acme_certificate[staging] action create
      * file[도메인 SSL key] action create_if_missing (up to date)

      ================================================================================
      Error executing action `create` on resource 'acme_certificate[staging]'
      ================================================================================

      Acme::Client::Error::Malformed
      ------------------------------
      Method not allowed

      Cookbook Trace:
      ---------------
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:77:in `block in class_from_file'

      Resource Declaration:
      ---------------------
      suppressed sensitive resource output

      Compiled Resource:
      ------------------
      suppressed sensitive resource output

      System Info:
      ------------
      chef_version=14.13.11
      platform=centos
      platform_version=7.6.1810
      ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
      program_name=/opt/gitlab/embedded/bin/chef-client
      executable=/opt/gitlab/embedded/bin/chef-client
    ================================================================================
    Error executing action `create` on resource 'letsencrypt_certificate[도메인]'
    ================================================================================

    Acme::Client::Error::Malformed
    ------------------------------
    acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::Malformed: Method not allowed

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:77:in `block in class_from_file'

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb

      5: letsencrypt_certificate site do
      6:   crt node['gitlab']['nginx']['ssl_certificate']
      7:   key node['gitlab']['nginx']['ssl_certificate_key']
      8:   notifies :run, "execute[reload nginx]", :immediate
      9:   notifies :run, 'ruby_block[display_le_message]'
     10:   only_if { omnibus_helper.service_up?('nginx') }
     11: end

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:5:in `from_file'

    letsencrypt_certificate("도메인") do
      action [:create]
      default_guard_interpreter :default
      declared_type :letsencrypt_certificate
      cookbook_name "letsencrypt"
      recipe_name "http_authorization"
      crt "/etc/gitlab/ssl/도메인.crt"
      key "/etc/gitlab/ssl/도메인"
      alt_names []
      cn "도메인"
      only_if { #code block }
    end

    System Info:
    ------------
    chef_version=14.13.11
    platform=centos
    platform_version=7.6.1810
    ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
    program_name=/opt/gitlab/embedded/bin/chef-client
    executable=/opt/gitlab/embedded/bin/chef-client


Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 07 seconds
There was an error renewing Let's Encrypt certificates, please checkout the output

vim /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb

Comment out the following block:

#  acme_certificate 'staging' do
#    alt_names new_resource.alt_names unless new_resource.alt_names.empty?
#    key_size new_resource.key_size unless new_resource.key_size.nil?
#    group new_resource.group unless new_resource.group.nil?
#    owner new_resource.owner unless new_resource.owner.nil?
#    chain "#{new_resource.chain}-staging" unless new_resource.chain.nil?
#    contact contact_info
#    crt "#{new_resource.crt}-staging"
#    cn new_resource.cn
#    key "#{new_resource.key}-staging"
#    dir 'https://acme-staging-v02.api.letsencrypt.org/directory'
#    wwwroot new_resource.wwwroot
#    sensitive true
#  end
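
The same edit as a repeatable script, added here as an example (not part of the original post or of GitLab's tooling): the hypothetical helper `comment_out_staging` comments out only the `acme_certificate 'staging'` block, keeps a one-time backup in a `.orig` file (an assumed naming choice), and does nothing if the block is already commented out.

```shell
#!/bin/sh
# Added example. comment_out_staging is a hypothetical helper name.
# Usage (path taken from the vim command above):
#   comment_out_staging /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb
comment_out_staging() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Block absent or already commented out: nothing to do, safe to re-run.
    grep -Eq "^[[:space:]]*acme_certificate[[:space:]]+'staging'[[:space:]]+do" "$file" || return 0
    # Keep the pristine file once; later runs never overwrite the backup.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig"
    tmp=$(mktemp) || return 1
    awk '
        # Block start (the dots stand for the quotes around staging):
        # remember the indentation so the matching "end" can be recognised.
        !inblk && /^[ \t]*acme_certificate[ \t]+.staging.[ \t]+do/ {
            if (match($0, /^[ \t]+/)) indent = substr($0, 1, RLENGTH)
            else indent = ""
            inblk = 1
        }
        # Inside the block: prefix every line with "#" up to the "end"
        # that sits at the same indentation as the opening line.
        inblk {
            print "#" $0
            if ($0 ~ ("^" indent "end[ \t]*$")) inblk = 0
            next
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

The file lives under /opt/gitlab/embedded, which belongs to the Omnibus package, so expect a package upgrade to replace it and undo the edit.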

Reference links (original sources)

https://gitlab.com/gitlab-org/gitlab/issues/38255
https://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal