个人中心
gpt4 book ai didi

gitlab letencrypt http_authorization 错误

转载 作者:行者123 更新时间:2023-12-03 18:28:38 38 4
gpt4 key购买 nike

我最近在我的 Ubuntu 服务器上安装了 Gitlab CE。我想要运行 Gitlab 的域是 https://git.mydomain.com (这是一个示例 URL),所以我更喜欢使用 Lets Encrypt 在服务器上启用 SSL。
在安装结束时,我收到此错误:

Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[git.mydomain.com] (letsencrypt::http_authorization line 5) had an error: Acme::Client::Error::Malformed: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: Acme::Client::Error::Malformed: Method not allowed

我已经阅读了很多页面来找到解决方案,但没有一个没有用。你能帮我在这个 Gitlab 实例上激活 SSL 吗?

最佳答案

这不是仅限于您的情况的问题。

最近的 2019 年 12 月 gitlab-org/gitlab issue 38255 (现在 gitlab-org/omnibus-gitlab issue 4900 为很多人描述了同样的问题。

For others who may face the same problem, you should comment out all the block mentioned by @Azylog , including the acme_certificate 'staging' and end lines

But it's a serious lack of conformity to the Let's Encrypt announcements. If method is not changed to POST-as-GET before November 1st, 2020, even the production certificate won't be issued and this workaround won't be any use.



这与 ACME v2 - Scheduled deprecation of unauthenticated resource GETs有关,从昨天开始活跃。

After Dec 4th, unauthenticated HTTP GET requests to ACME v2 resource URLs will return HTTP status code of 405 “method not allowed” and a body containing a JSON problem with type “urn:ietf:params:acme:error:malformed”.

POST-as-GET requests authenticated by a signature from an account other than the creating account will return an HTTP status code of 403 “forbidden” and a body containing a JSON problem with type “urn:ietf:params:acme:error:unauthorized”.



注: unixcharles/acme-client 2.0.5 将使用 POST-as-GET ,这应该可以解决这个问题。
merge request 3782显示 GitLab Omnibus 的下一个版本 12.6 将使用 acme-client 2.0.5。
This will be backported进入 12.2.x 到 12.5.x 的下一个版本

当前的解决方法,由 Ahmed Mo7eb :: أحمد محب 提出:

  1. delete old certificate from ssl folder
  2. install Cerbot "manually" (#sudo certbot certonly -a manual) &
    (You must make port 80 and 443 available in firewall)
  3. write your Domain name in order
  4. go to: /var/opt/gitlab/nginx/www/.well-known/acme-challenge/
    "Create file with the name that appeared"
  5. press Enter
  6. Congratulation!


Update January 2020 :这应该适用于 GitLab 12.6.2。
无需打补丁 certificated.rb了。

Mohammad Saberi添加 in the comments (1月15日,一个多月后):

Finally, I could activate LetsEncrypt SSL on Gitlab 12.6.4, but with disabling staging part of certificate.rb.

关于gitlab letencrypt http_authorization 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59239820/

38 4 0
文章推荐: snowflake-cloud-data-platform - 查询以获取雪花数据库中所有表的行数
文章推荐: python-3.x - 导入错误 : cannot import name 'evaluate' ( from surprise import evaluate )
文章推荐: github-actions - 如何在一个 repo 中合并两个 action.yml 文件?
文章推荐: python - 如何避免使用全局变量?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com