I'm trying to tweak GitLab Pages (10.8.2) with the objective to have its Pages domain (example.io) TLS enabled with Let's Encrypt.

I have a working Pages setup on regular HTTP with:

pages_external_url "http://example.io"

The idea I found on Google is to provide the following to serve the certbot challenges:

pages_nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/letsencrypt; }"

Then I issue gitlab-ctl reconfigure.

Then I create a test file at /var/www/letsencrypt/bla and try to access it with a browser at http://example.io/.well-known/bla with no success: I get a 301 and am redirected to the main GitLab domain at https://example.ltd/.well-known/bla (the main GitLab is already TLS enabled).

What am I missing here?

martin-h

1 Answer

First of all, as stated about ACME:

wildcard domains must be validated using the DNS-01 challenge type

so trying to set up a webroot for *.example.io challenges is useless.

Second, with the Nginx setup above, the file is rather expected at /var/www/letsencrypt/.well-known/bla

martin-h
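Added example, not part of the original question or answer: a small model of how nginx maps a request URI to a file for a prefix location, showing why the test file in the question is not found under `root`, where it would be found under `alias`, and that certbot's webroot layout matches the `root` form. The helper names and the token value are constructed for illustration.

```python
import posixpath

WEBROOT = "/var/www/letsencrypt"   # path from the question
LOCATION = "/.well-known"          # prefix from the question's location block


def nginx_path(directive, location_prefix, fs_path, uri):
    """Return the file nginx would open for `uri` in a prefix location.

    root:  fs_path + the full request URI
    alias: fs_path + the URI with the matched location prefix removed
    Returns None when the location does not match the (normalised) URI.
    """
    uri = posixpath.normpath(uri)  # nginx matches locations on the normalised URI
    if not uri.startswith(location_prefix):
        return None
    if directive == "root":
        return fs_path.rstrip("/") + uri
    if directive == "alias":
        return fs_path + uri[len(location_prefix):]
    raise ValueError("unknown directive: %r" % directive)


def certbot_webroot_file(webroot, token):
    """Where `certbot certonly --webroot -w <webroot>` writes an HTTP-01 token."""
    return webroot + "/.well-known/acme-challenge/" + token


def report():
    token = "CONSTRUCTED-TOKEN"  # constructed sample value, not a real challenge
    challenge_uri = "/.well-known/acme-challenge/" + token
    return {
        # The question's test: file placed at WEBROOT/bla, requested as /.well-known/bla
        "root serves /.well-known/bla from": nginx_path("root", LOCATION, WEBROOT, "/.well-known/bla"),
        "alias serves /.well-known/bla from": nginx_path("alias", LOCATION, WEBROOT, "/.well-known/bla"),
        # With `root`, nginx and certbot agree on the token path without extra config
        "root matches certbot webroot": nginx_path("root", LOCATION, WEBROOT, challenge_uri)
        == certbot_webroot_file(WEBROOT, token),
        # Dot-dot segments are resolved before matching, so they never reach this block
        "traversal handled by this location": nginx_path("root", LOCATION, WEBROOT, "/.well-known/../etc/passwd"),
    }


if __name__ == "__main__":
    for label, value in report().items():
        print("%-40s %s" % (label, value))
```
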