GitLab on CentOS – server certificate verification failed
If you followed this recipe to install GitLab on CentOS, you may have some problems Actually the recommended shell for git user is /sbin/nologin but that didn’t work for me. I had to set /bin/bash as shell with
# usermod -s /bin/bash git
Also, if you find some problems with update hook (enabled by default), try this
# mv update update.sample1
(Rename update to update.sample1 will disable update hook) The biggest problem I had was the certificate. Here and there you’ll find the “solution” (“git config http.sslVerify false” or “export GIT_SSL_NO_VERIFY=1″) which I don’t recommend.
git clone https://git.MYDOMAIN.com/root/MYPROJECT.git Cloning into 'MYPROJECT'... error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://git.MYDOMAIN.com/root/MYPROJECT.git/info/refs?service=git-upload-pack fatal: HTTP request failed
Since I’m using self signed certificate, the clone process failed. To solve this problem you should add server crt into /etc/ssl/certs/ca-certificates.crt on your host. As root:
cd /usr/share/ca-certificates/ mkdir git.MYDOMAIN.com cd git.MYDOMAIN.com scp git.MYDOMAIN.com:/path/to/cert.crt . vi /etc/ca-certificates.conf
Add “git.MYDOMAIN.com/cert.crt” into ca-certificate.conf, save file and execute
You should get something like
Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d.... Adding debian:git.MYDOMAIN.com.pem done. done.
Try to clone project again:
git clone https://git.MYDOMAIN.com/root/MYPROJECT.git Cloning into 'MYPROJECT'... Username for 'https://git.MYDOMAIN.com': [email protected] Password for 'https:[email protected]@git.MYDOMAIN.com': remote: Counting objects: 12, done. remote: Compressing objects: 100% (6/6), done. remote: Total 12 (delta 1), reused 0 (delta 0) Unpacking objects: 100% (12/12), done.