[DRE-maint] Bug#917084: gitlab: Gitlab - Letsencrypt not renewing correctly

David L er_maqui at darkbolt.net
Sat Dec 22 10:42:00 GMT 2018


Package: gitlab
Version: 11.5.4+dfsg-1
Severity: normal

Hi,

I've detected that certbot cannot renew the gitlab certificate correctly.

The certificate creation was done by gitlab & certbot on the gitlab installation. Now, when trying to renew the certificate, certbot gives an error:

- The following errors were reported by the server:

   Domain: git.example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://git.example.com/.well-known/acme-challenge/ovA3oeVF7G6Ju9oGumay12a6juyWVCrq8TJxyLpI5LQ:
   "<!DOCTYPE html>\n<html class=\"devise-layout-html\">\n<head
   prefix=\"og: http://ogp.me/ns#\">\n<meta charset=\"utf-8\">\n<meta
   content=\"IE"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I know the IPs are correct. I think the error has been present at least since 11.1, because if my certificate expired today, the first attempt to renew would have been a month ago (with 11.1 or 11.2 installed).
Maybe the problem appeared on the update between 10 and 11? My last renewal was done on September 23.


Thanks,


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.23-xxxx-grs-ipv6-64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gitlab depends on:
ii  asciidoctor                                1.5.8-1
ii  bc                                         1.07.1-2+b1
ii  bundler                                    1.16.1-3
ii  bzip2                                      1.0.6-9
ii  dbconfig-pgsql                             2.0.11
ii  debconf [debconf-2.0]                      1.5.69
ii  exim4-daemon-light [mail-transport-agent]  4.91-9
ii  gitlab-common                              11.5.5+dfsg-1
ii  gitlab-shell                               8.4.3+dfsg1-1
ii  gitlab-workhorse                           7.6.0+debian-1
ii  lsb-base                                   10.2018112800
ii  nginx                                      1.14.2-1
ii  nginx-full [nginx]                         1.14.2-1
ii  nodejs                                     8.11.2~dfsg-1
ii  npm                                        5.8.0+ds6-2
ii  openssh-client                             1:7.9p1-4
ii  postgresql-client                          11+198
ii  postgresql-client-10 [postgresql-client]   10.5-1
ii  postgresql-client-11 [postgresql-client]   11.1-1+b2
ii  postgresql-contrib                         11+198
ii  rake                                       12.3.1-3
ii  redis-server                               5:5.0.3-2
ii  ruby                                       1:2.5.1
ii  ruby-ace-rails-ap                          4.1.1-1
ii  ruby-acts-as-taggable-on                   5.0.0-2
ii  ruby-addressable                           2.5.2-1
ii  ruby-akismet                               2.0.0-1
ii  ruby-arel                                  6.0.4-1
ii  ruby-asana                                 0.6.0-1
ii  ruby-asciidoctor-plantuml                  0.0.8-1
ii  ruby-attr-encrypted                        3.1.0-1
ii  ruby-babosa                                1.0.2-2
ii  ruby-base32                                0.3.2-3
ii  ruby-batch-loader                          1.2.2-1
ii  ruby-bcrypt-pbkdf                          1.0.0-2
ii  ruby-bootstrap-form                        2.7.0-1
ii  ruby-browser                               2.5.3-1
ii  ruby-carrierwave                           1.2.3-1
ii  ruby-charlock-holmes                       0.7.6-1
ii  ruby-chronic                               0.10.2-3
ii  ruby-chronic-duration                      0.10.6-1
ii  ruby-commonmarker                          0.17.9-1
ii  ruby-connection-pool                       2.2.2-1
ii  ruby-creole                                0.5.0-2
ii  ruby-default-value-for                     3.1.0-1
ii  ruby-device-detector                       1.0.1-2
ii  ruby-devise                                4.4.3-1
ii  ruby-devise-two-factor                     3.0.3-1
ii  ruby-diffy                                 3.2.1-1
ii  ruby-doorkeeper                            4.4.2-1
ii  ruby-doorkeeper-openid-connect             1.5.2-1
ii  ruby-ed25519                               1.2.4-1
ii  ruby-email-reply-trimmer                   0.1.6-1
ii  ruby-escape-utils                          1.2.1-1+b1
ii  ruby-excon                                 0.60.0-1
ii  ruby-faraday                               0.13.1-2
ii  ruby-fast-blank                            1.0.0-1+b1
ii  ruby-flipper                               0.13.0-3
pn  ruby-flipper-active-record                 <none>
pn  ruby-flipper-active-support-cache-store    <none>
ii  ruby-flowdock                              0.7.1-1
ii  ruby-fog-aliyun                            0.2.0-1
ii  ruby-fog-aws                               2.0.1-1
ii  ruby-fog-core                              1.45.0-2
ii  ruby-fog-google                            1.8.1-2
ii  ruby-fog-local                             0.3.0-1
ii  ruby-fog-openstack                         0.1.6-4
ii  ruby-fog-rackspace                         0.1.1-4
ii  ruby-fogbugz                               0.2.1-3
ii  ruby-font-awesome-rails                    4.7.0.4-1
ii  ruby-gemojione                             3.3.0-1
ii  ruby-gettext-i18n-rails                    1.8.0-1
ii  ruby-gettext-i18n-rails-js                 1.3.0+dfsg-2
pn  ruby-gitaly-proto                          <none>
ii  ruby-github-markup                         1.7.0+dfsg-2
ii  ruby-gitlab-sidekiq-fetcher                0.3.0-1
ii  ruby-gon                                   6.2.1-1
ii  ruby-google-api-client                     0.23.4-2
ii  ruby-google-protobuf                       3.6.1.3-1
ii  ruby-gpgme                                 2.0.18-1
ii  ruby-grape                                 1.1.0-1
ii  ruby-grape-entity                          0.7.1-1
ii  ruby-grape-logging                         1.7.0-1
ii  ruby-grape-path-helpers                    1.0.6-1
ii  ruby-graphiql-rails                        1.4.10-1
ii  ruby-graphql                               1.8.4-1
ii  ruby-grpc                                  1.16.1-1
ii  ruby-hamlit                                2.8.8-1
ii  ruby-hangouts-chat                         0.0.5-1
ii  ruby-hashie-forbidden-attributes           0.1.1-1
ii  ruby-health-check                          2.6.0-1
ii  ruby-hipchat                               1.5.2-3
ii  ruby-html-pipeline                         2.8.4-1
ii  ruby-html2text                             0.2.0-1
ii  ruby-httparty                              0.16.2+dfsg1-2
ii  ruby-icalendar                             2.4.1-2
ii  ruby-influxdb                              0.2.3-2
ii  ruby-jira                                  1.5.0-1
ii  ruby-jquery-atwho-rails                    1.3.2-2
ii  ruby-js-regex                              3.1.1-1
ii  ruby-jwt                                   1.5.6-1
ii  ruby-kaminari                              1.0.1-4
ii  ruby-kgio                                  2.11.2-1+b1
ii  ruby-kubeclient                            3.1.2-1
ii  ruby-licensee                              8.9.2-1
ii  ruby-lograge                               0.10.0-1
ii  ruby-loofah                                2.2.2-1
ii  ruby-mail-room                             0.9.1-2
ii  ruby-method-source                         0.9.2-1
ii  ruby-mini-magick                           4.8.0-2
ii  ruby-net-ldap                              0.16.1-1
ii  ruby-net-ssh                               1:5.0.2-2
ii  ruby-nokogiri                              1.8.4-1
ii  ruby-ntlm                                  0.6.1-2
ii  ruby-oauth2                                1.4.0-3
ii  ruby-octokit                               4.12.0-1
ii  ruby-omniauth                              1.8.1-1
ii  ruby-omniauth-auth0                        2.0.0-1
ii  ruby-omniauth-authentiq                    0.3.3-1
ii  ruby-omniauth-azure-oauth2                 0.0.9-2
ii  ruby-omniauth-cas3                         1.1.4-2
ii  ruby-omniauth-crowd                        2.4.0-1
ii  ruby-omniauth-facebook                     4.0.0-2
ii  ruby-omniauth-github                       1.3.0-1
ii  ruby-omniauth-gitlab                       1.0.2-1
ii  ruby-omniauth-google-oauth2                0.5.3-1
ii  ruby-omniauth-kerberos                     0.3.0-3
ii  ruby-omniauth-ldap                         2.0.4-2
ii  ruby-omniauth-oauth2-generic               0.2.2-1
ii  ruby-omniauth-saml                         1.10.0-1
ii  ruby-omniauth-shibboleth                   1.3.0-1
ii  ruby-omniauth-twitter                      1.4.0-1
ii  ruby-org                                   0.9.12-2
ii  ruby-parser                                3.11.0-1
ii  ruby-peek                                  1.0.1-1
ii  ruby-peek-gc                               0.0.2-1
ii  ruby-peek-pg                               1.3.0-1
ii  ruby-peek-rblineprof                       0.2.0-1
ii  ruby-peek-redis                            1.2.0-1
ii  ruby-pg                                    0.19.0-2+b1
ii  ruby-posix-spawn                           0.3.13-2+b1
ii  ruby-premailer-rails                       1.9.7-1
ii  ruby-prof                                  0.17.0+dfsg-3+b1
ii  ruby-progressbar                           1.9.0-2
ii  ruby-prometheus-client-mmap                0.9.4-1
ii  ruby-rack-attack                           4.4.1-1
ii  ruby-rack-cors                             1.0.2-1
ii  ruby-rack-oauth2                           1.9.2-1
ii  ruby-rack-proxy                            0.6.1-2
ii  ruby-rack-test                             0.7.0-1
ii  ruby-rails                                 2:4.2.10-1
ii  ruby-rails-deprecated-sanitizer            1.0.3-3
ii  ruby-rails-dom-testing                     1.0.6-2
ii  ruby-rails-i18n                            4.0.9-1
ii  ruby-rainbow                               3.0.0-2
ii  ruby-raindrops                             0.19.0-1+b2
ii  ruby-rbtrace                               0.4.10-1
ii  ruby-re2                                   1.1.1-2+b2
ii  ruby-recaptcha                             4.11.1-1
ii  ruby-redcarpet                             3.4.0-4+b1
ii  ruby-redcloth                              4.3.2-3+b1
ii  ruby-redis                                 3.3.5-1
ii  ruby-redis-namespace                       1.6.0-1
ii  ruby-redis-rails                           5.0.2-3
ii  ruby-request-store                         1.3.0-1
ii  ruby-responders                            2.4.0-2
ii  ruby-rouge                                 3.2.1-1
ii  ruby-rqrcode-rails3                        0.1.7-1
ii  ruby-rufus-scheduler                       3.4.2-1
ii  ruby-rugged                                0.27.4+ds-1
ii  ruby-sanitize                              4.6.6-1
ii  ruby-sass                                  3.5.3-1
ii  ruby-sass-rails                            5.0.6-2
ii  ruby-seed-fu                               2.3.7-1
ii  ruby-select2-rails                         3.5.9.3-2
ii  ruby-sentry-raven                          2.7.4-1
ii  ruby-settingslogic                         2.0.9-3
ii  ruby-sidekiq                               5.2.3+dfsg-1
ii  ruby-sidekiq-cron                          0.6.3-5
ii  ruby-slack-notifier                        1.5.1-2
ii  ruby-sprockets                             3.7.2-1
ii  ruby-sshkey                                1.9.0-1
ii  ruby-state-machines-activerecord           0.5.1-2
ii  ruby-sys-filesystem                        1.1.7-2
ii  ruby-task-list                             2.0.0-2
ii  ruby-toml-rb                               1.0.0-2
ii  ruby-truncato                              0.7.9-2
ii  ruby-u2f                                   0.2.1-2
ii  ruby-uglifier                              2.7.2+dfsg-2
ii  ruby-unf                                   0.1.4-2
ii  ruby-unf-ext                               0.0.7.5-1
ii  ruby-unicorn-worker-killer                 0.4.4-1
ii  ruby-validates-hostname                    1.0.7-1
ii  ruby-version-sorter                        2.1.0+dfsg-1+b2
ii  ruby-virtus                                1.0.5-3
ii  ruby-vmstat                                2.3.0-2+b1
ii  ruby-webpack-rails                         0.9.11+git-1
ii  ruby-wikicloth                             0.8.1+dfsg-4
ii  ucf                                        3.0038+nmu1
ii  unicorn                                    5.4.0-1+b1

Versions of packages gitlab recommends:
ii  certbot  0.28.0-1
ii  gitaly   0.129.0+debian-3

gitlab suggests no packages.

-- debconf information:
* gitlab/dbconfig-reinstall: false
* gitlab/letsencrypt: true
* gitlab/ssl: true
* gitlab/remote/host: localhost

