Replying to my own post since no one else is. :-) I had copied the new certificate over the old one expecting the gitlab-ctl reconfigure would pick it up. I was wrong. Even renaming the cert failed.
The solution was to change the name of the file in gitlab.rb to a file that didn't exist and run reconfigure. Of course, the restart failed. Then I fixed the file name in gitlab.rb and ran reconfigure. Boom! New cert! Now docker login works and I can use the registry. I hope this helps someone else. On Thursday, August 25, 2016 at 11:44:39 AM UTC-6, Randall Smith wrote: > > Greetings, > > I have an omnibus install of gitlab (8.11.0-ce.1). My original cert did > not include the certificate chain which is causing docker to complain about > the cert. I've updated the cert to include the certificate chain and ran > `gitlab-ctl reconfigure` but the certificate is not updated. I tried > deleting /var/opt/gitlab/registry/gitlab-registry.crt and then running > reconfigure. The certificate is recreated from the old certificate. > > I have this in /etc/gitlab/gitlab.rb (hostname in cert obfuscated) > > registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/hostname.crt" > registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/hostname.key" > > My first guess is that chef is caching the certificate but I can't figure > out how to clear that from the chef cache. > > What is the right way to update the registry certificate? > > Thanks > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to gitlabhq+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/b72b0ea3-8cca-437c-8dc9-7e35486b77af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
