GitLab Pages custom domains and SSL Certificates with Let's Encrypt
In this post we will talk about HTTPS and how to add it to your GitLab Pages site with Let’s Encrypt.
Tutorial: Securing your GitLab Pages with TLS and Let’s Encrypt, GitLab
More info on GitLab Pages custom domains and SSL/TLS Certificates, GitLab
Step by step
Install letsencrypt
Method 1: certbot
On Ubuntu systems, the Certbot team maintains a PPA. You can add it to your list of repositories and install Certbot by running the following commands.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache
via: certbot
Method 2: git
We begin by downloading the letsencrypt-auto utility. Open a new terminal window and type:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
Generate a certificate
Since the site runs on GitLab’s servers rather than on a machine we control, we have to do a bit of manual work:
./letsencrypt-auto certonly -a manual -d www.example.org
After you accept that your IP will be publicly logged, a message like the following will appear:
Make sure your web server displays the following content at
http://www.example.org/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
before continuing:
5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.ewlbSYgvIxVOqiP1lD2zeDKWBGEZMRfO_4kJyLRP_4U
#
# output omitted
#
Press ENTER to continue
Now it is waiting for the server to be correctly configured so it can go on. Leave this terminal window open for now.
Upload verification token
So, the goal is to make our already-published static website return said token when said URL is requested. That’s easy: create a custom page! Just create a file in your blog folder that looks like this:
---
layout: null
permalink: /.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
---
5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.ewlbSYgvIxVOqiP1lD2zeDKWBGEZMRfO_4kJyLRP_4U
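The script below is an added example, not part of the original post: it builds the challenge page from the URL and the content that certbot prints, and refuses to write it when the two do not belong together or the token contains unexpected characters. The function name and the default output file name are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. The function name and the
# default output file name are assumptions chosen for illustration.
#
# Usage: make_challenge_page URL KEY_AUTHORIZATION [OUTFILE]
#   URL                the address certbot asks you to serve
#   KEY_AUTHORIZATION  the content certbot asks you to serve there
#
# The body runs in a subshell, so variables stay local and `exit` only
# leaves the function, handing its status back to the caller.
make_challenge_page() (
    url=$1 keyauth=$2 out=${3:-letsencrypt-challenge.html}

    # Drop "scheme://host" and keep the request path.
    rest=${url#*://}
    path=/${rest#*/}

    # The path must be the well-known prefix followed by the token.
    token=${path#/.well-known/acme-challenge/}
    if [ "$token" = "$path" ]; then
        echo "not an ACME HTTP-01 challenge URL: $url" >&2; exit 1
    fi

    # Tokens are base64url. Rejecting anything else keeps "/", "..", "?"
    # and newlines out of the permalink and the front matter.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token in URL" >&2; exit 2 ;;
    esac

    # The served content must be "<token>.<account key thumbprint>".
    thumb=${keyauth#"$token".}
    case $thumb in
        "$keyauth"|''|*[!A-Za-z0-9_-]*)
            echo "content does not match the token in the URL" >&2; exit 3 ;;
    esac

    # Jekyll front matter: no layout, served at the exact challenge path.
    printf '%s\n' '---' 'layout: null' "permalink: $path" '---' "$keyauth" > "$out"
)
```

Source the file and call the function with the two values copied from the certbot prompt; a non-zero exit status means a copy-paste mistake was caught before anything was published.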
Update GitLab Pages certificate
Now we just need to upload the certificate and the key to GitLab.
Inside your project, go to Settings -> Pages -> [Details] -> [Edit]. This is where you’ll also upload the TLS certificate.
Paste the contents of /etc/letsencrypt/live/www.example.org/fullchain.pem (you’ll need sudo to read the file) into the “Certificate (PEM)” field.
Paste the contents of /etc/letsencrypt/live/www.example.org/privkey.pem (also needs sudo) into the “Key (PEM)” field.
Check it works
And you’re done! You now have a fully working HTTPS website:
curl -vI https://www.example.org/
#
# starting connection
#
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate: www.example.org
* Server certificate: Lets Encrypt Authority X3
* Server certificate: DST Root CA X3
Done!