With Let’s Encrypt and Synology, we need to take an extra step to set up certificates in the GitLab persistent data.
First off, the synology certificates seem to be at
Also, the gitlab
certs directory should be placed at
Three files are required in all,
dhparam.pem. If any of them does not exist, it won’t work.
Generate dhparam.pem by referring to the github info.
openssl dhparam -dsaparam -out dhparam.pem 2048
Also append the
gitlab.crt. Change the name of
Thus in the end you’ll have the following three files:
Restart the gitlab container and check whether you get a certificate not found error. If you don’t, then you should be set to go 🙂
Note: Synology also has the dh-param files ready. (It takes very long to generate the file, I generated it on my workstation and ferried it over). Anyways, you can find the Synology generated files in the following path:
Update: When you get an SSL certification verification failed error
When using the HTTPS protocol, the SSL verification sometimes seems to fail. The reason seems to be gnuTLS being picky about the order of the certificates.
fatal: unable to access ‘https://hostname:port/username/repo.git’ server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Thus instead of the order that is shown in P.Behnke’s blog, reverse the order of the fullchain and cert as follows:
$ cat fullchain.crt cert.pem > gitlab.crt
After restarting the docker containers, all seems to work.