티스토리 뷰

Linux

gitlab let's encrypt 갱신 에러

초보의 CHOMAN 2020. 1. 7. 12:50

ssl 인증서 갱신이 안되어 https 접근시 에러 발생

Recipe: letsencrypt::http_authorization
  * letsencrypt_certificate[도메인] action create
    * acme_certificate[staging] action create
      * file[도메인 SSL key] action create_if_missing (up to date)

      ================================================================================
      Error executing action `create` on resource 'acme_certificate[staging]'
      ================================================================================

      Acme::Client::Error::Malformed
      ------------------------------
      Method not allowed

      Cookbook Trace:
      ---------------
      /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:77:in `block in class_from_file'

      Resource Declaration:
      ---------------------
      suppressed sensitive resource output

      Compiled Resource:
      ------------------
      suppressed sensitive resource output

      System Info:
      ------------
      chef_version=14.13.11
      platform=centos
      platform_version=7.6.1810
      ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
      program_name=/opt/gitlab/embedded/bin/chef-client
      executable=/opt/gitlab/embedded/bin/chef-client
 ================================================================================
    Error executing action `create` on resource 'letsencrypt_certificate[도메인]'
    ================================================================================

    Acme::Client::Error::Malformed
    ------------------------------
    acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::Malformed: Method not allowed

    Cookbook Trace:
    ---------------
    /opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb:77:in `block in class_from_file'

    Resource Declaration:
    ---------------------
    # In /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb

      5: letsencrypt_certificate site do
      6:   crt node['gitlab']['nginx']['ssl_certificate']
      7:   key node['gitlab']['nginx']['ssl_certificate_key']
      8:   notifies :run, "execute[reload nginx]", :immediate
      9:   notifies :run, 'ruby_block[display_le_message]'
     10:   only_if { omnibus_helper.service_up?('nginx') }
     11: end

    Compiled Resource:
    ------------------
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:5:in `from_file'

    letsencrypt_certificate("도메인") do
      action [:create]
      default_guard_interpreter :default
      declared_type :letsencrypt_certificate
      cookbook_name "letsencrypt"
      recipe_name "http_authorization"
      crt "/etc/gitlab/ssl/도메인.crt"
      key "/etc/gitlab/ssl/도메인"
      alt_names []
      cn "도메인"
      only_if { #code block }
    end

    System Info:
    ------------
    chef_version=14.13.11
    platform=centos
    platform_version=7.6.1810
    ruby=ruby 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
    program_name=/opt/gitlab/embedded/bin/chef-client
    executable=/opt/gitlab/embedded/bin/chef-client


Running handlers:
Running handlers complete
Chef Client failed. 0 resources updated in 07 seconds
There was an error renewing Let's Encrypt certificates, please checkout the output

vim /opt/gitlab/embedded/cookbooks/letsencrypt/resources/certificate.rb

주석 처리

#  acme_certificate 'staging' do
#    alt_names new_resource.alt_names unless new_resource.alt_names.empty?
#    key_size new_resource.key_size unless new_resource.key_size.nil?
#    group new_resource.group unless new_resource.group.nil?
#    owner new_resource.owner unless new_resource.owner.nil?
#    chain "#{new_resource.chain}-staging" unless new_resource.chain.nil?
#    contact contact_info
#    crt "#{new_resource.crt}-staging"
#    cn new_resource.cn
#    key "#{new_resource.key}-staging"
#    dir 'https://acme-staging-v02.api.letsencrypt.org/directory'
#    wwwroot new_resource.wwwroot
#    sensitive true
#  end

원문 참고 링크

https://gitlab.com/gitlab-org/gitlab/issues/38255
https://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal

'Linux' 카테고리의 다른 글

yum rpm 세그멘테이션 오류  (0) 2020.01.22
centos 8 + php 7.4 remi  (0) 2020.01.14
gitlab let's encrypt 갱신 에러  (0) 2020.01.07
자빅스 서버 설치 (zabbix server install)  (0) 2019.12.12
geoip city 아이피 대역 뽑아 보기  (0) 2019.11.26
clamav 설치 with centos6  (0) 2019.11.05
댓글
댓글쓰기 폼