Hello,
Maybe someone had the same issue and can provide me with a solution.
I have my own hosted GitLab server and I would like to use it under Cloudflare.
The thing is I changed a configuration:
/etc/gitlab/gitlab.rb
After that I did:
nginx['ssl_certificate'] = "/etc/gitlab/ssl/www.domain.tld.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/www.domain.tld.key"
Copied the crt and key from Cloudflare
and did: sudo gitlab-ctl reconfigure
When I spoof hosts I can see:
I see invalid SSL, that is generated by Cloudflare and owner is Cloudflare.
When I do this:
curl -svo /dev/null --resolve www.domain.ltd:443:SERVER_IP https://www.domain.ltd
I get:
- Added www.domain.ltd:SERVER_IP to DNS cache
- About to connect() to www.domain.ltd port 443 (#0)
- Trying SERVER_IP…
- Connected to www.domain.ltd (SERVER_IP) port 443 (#0)
- Initializing NSS with certpath: sql:/etc/pki/nssdb
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
- Server certificate:
- subject: CN=CloudFlare Origin Certificate,OU=CloudFlare Origin CA,O="CloudFlare, Inc."
- start date: May 28 12:16:00 2020 GMT
- expire date: May 25 12:16:00 2035 GMT
- common name: CloudFlare Origin Certificate
- issuer: ST=California,L=San Francisco,OU=CloudFlare Origin SSL Certificate Authority,O="CloudFlare, Inc.",C=US
- NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
- Peer's Certificate issuer is not recognized.
- Closing connection 0
But when I use direct:
Error 526 Ray ID: 59a868045995b4c0 • 2020-05-28 13:43:44 UTC
Invalid SSL certificate
I have set SSL to strict.
Can anyone please advise on how to resolve this issue?
Thanks.