Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
784dc7b1
Commit
784dc7b1
authored
Dec 17, 2021
by
Achilleas Pipinellis
Committed by
Craig Norris
Dec 17, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Redirect deprecated Let's Encrypt Pages docs to new page
parent
3f22cf61
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
5 additions
and
161 deletions
+5
-161
doc/user/project/pages/lets_encrypt_for_gitlab_pages.md
doc/user/project/pages/lets_encrypt_for_gitlab_pages.md
+5
-161
No files found.
doc/user/project/pages/lets_encrypt_for_gitlab_pages.md
View file @
784dc7b1
---
---
stage
:
Release
redirect_to
:
'
custom_domains_ssl_tls_certification/lets_encrypt_integration.md'
group
:
Release
remove_date
:
'
2022-03-14'
info
:
To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
description
:
"
How
to
secure
GitLab
Pages
websites
with
Let's
Encrypt
(manual
process,
deprecated)."
---
---
# Let's Encrypt for GitLab Pages (manual process, deprecated) **(FREE)**
This file was moved to
[
another location
](
custom_domains_ssl_tls_certification/lets_encrypt_integration.md
)
.
WARNING:
<!-- This redirect file can be deleted after <2022-03-14>
. -->
This method is still valid but was
**deprecated**
in favor of the
<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/#move-or-rename-a-page -->
[
Let's Encrypt integration
](
custom_domains_ssl_tls_certification/lets_encrypt_integration.md
)
introduced in GitLab 12.1.
If you have a GitLab Pages website served under your own domain,
you might want to secure it with a SSL/TLS certificate.
[
Let's Encrypt
](
https://letsencrypt.org
)
is a free, automated, and
open source Certificate Authority.
## Requirements
To follow along with this tutorial, we assume you already have:
-
[
Created a project
](
index.md#getting-started
)
in GitLab
containing your website's source code.
-
Acquired a domain (
`example.com`
) and added a
[
DNS entry
](
custom_domains_ssl_tls_certification/index.md#set-up-pages-with-a-custom-domain
)
pointing it to your Pages website.
-
[
Added your domain to your Pages project
](
custom_domains_ssl_tls_certification/index.md#steps
)
and verified your ownership.
-
Cloned your project into your computer.
-
Your website up and running, served under HTTP protocol at
`http://example.com`
.
## Obtaining a Let's Encrypt certificate
Once you have the requirements addressed, follow the instructions
below to learn how to obtain the certificate.
Note that these instructions were tested on macOS Mojave. For other operating systems the steps
might be slightly different. Follow the
[
CertBot instructions
](
https://certbot.eff.org/
)
according to your OS.
1.
On your computer, open a terminal and navigate to your repository's
root directory:
```
shell
cd
path/to/dir
```
1.
Install CertBot (the tool Let's Encrypt uses to issue certificates):
```
shell
brew
install
certbot
```
1.
Request a certificate for your domain (
`example.com`
) and
provide an email account (
`your@email.com`
) to receive notifications:
```
shell
sudo
certbot certonly
-a
manual
-d
example.com
--email
your@email.com
```
Alternatively, you can register without adding an email account,
but you aren't notified about the certificate expiration's date:
```
shell
sudo
certbot certonly
-a
manual
-d
example.com
--register-unsafely-without-email
```
NOTE:
Read through CertBot's documentation on their
[
command line options
](
https://eff-certbot.readthedocs.io/using.html#certbot-command-line-options
)
.
1.
You're prompted with a message to agree with their terms.
Press
`A`
to agree and
`Y`
to let they log your IP.
CertBot then prompts you with the following message:
```
shell
Create a file containing just this data:
Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP.HUGNKk82jlsmOOfphlt8Jy69iuglsn095nxOMH9j3Yb
And make it available on your web server at this URL:
http://example.com/.well-known/acme-challenge/Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP
Press Enter to Continue
```
1.
**Do not press Enter yet.**
Let's Encrypt needs to verify your
domain ownership before issuing the certificate. To do so, create 3
consecutive directories under your website's root:
`/.well-known/acme-challenge/Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP/`
and add to the last folder an
`index.html`
file containing the content
referred on the previous prompt message:
```
shell
Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP.HUGNKk82jlsmOOfphlt8Jy69iuglsn095nxOMH9j3Yb
```
Note that this file needs to be accessed under
`http://example.com/.well-known/acme-challenge/Rxnv6WKo95hsuLVX3osmT6LgmzsJKSaK9htlPToohOP`
to allow Let's Encrypt to verify the ownership of your domain,
therefore, it needs to be part of the website content under the
repository's
[
`public`
](
index.md#how-it-works
)
folder.
1.
Add, commit, and push the file into your repository in GitLab. Once the pipeline
passes, press
**Enter**
on your terminal to continue issuing your
certificate. CertBot then prompts you with the following message:
```
shell
Waiting
for
verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-03-12. To obtain a new or tweaked
version of this certificate
in
the future, simply run certbot
again. To non-interactively renew
*
all
*
of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let
's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
```
## Add your certificate to GitLab Pages
Now that your certificate has been issued, let's add it to your Pages site:
1.
Back at GitLab, navigate to your project's
**Settings > Pages**
,
find your domain and click
**Details**
and
**Edit**
to add your certificate.
1.
From your terminal, copy and paste the certificate into the first field
**Certificate (PEM)**
:
```
shell
sudo cat
/etc/letsencrypt/live/example.com/fullchain.pem | pbcopy
```
1.
Copy and paste the private key into the second field
**Key (PEM)**
:
```
shell
sudo cat
/etc/letsencrypt/live/example.com/privkey.pem | pbcopy
```
1.
Click
**Save changes**
to apply them to your website.
1.
Wait a few minutes for the configuration changes to take effect.
1.
Visit your website at
`https://example.com`
.
To force
`https`
connections on your site, navigate to your
project's
**Settings > Pages**
and check
**
Force HTTPS (requires
valid certificates)
**
.
## Renewal
Let's Encrypt certificates expire every 90 days and you must
renew them periodically. To renew all your certificates at once, run:
```
shell
sudo
certbot renew
```
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment