Written with help of this:
https://stackoverflow.com/questions/34189199/how-do-i-use-let-s-encrypt-with-gitlab
which is based on
https://webnugget.de/setting-up-gitlab-with-free-ssl-certs-from-lets-encrypt-on-ubuntu-14-04/
one more reference:
Done on Ubuntu, assumed gitlab and certbot installed.
- Create the folder /var/www/letsencrypt and use this directory as webroot-path for Let's Encrypt
- Use the webroot authenticator for Let's Encrypt (certbot -a webroot ...)
- Change the following config values in /etc/gitlab/gitlab.rb and run gitlab-ctl reconfigure after that:
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
nginx['custom_gitlab_server_config']="location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"
If you are using Mattermost which is shipped with the Omnibus package then you can additionally set these options in /etc/gitlab/gitlab.rb:
mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem"
mattermost_nginx['custom_gitlab_mattermost_server_config']="location ^~ /.well-known {\n alias /var/www/letsencrypt/.well-known;\n}\n"After requesting your first certificate remember to change the external_url to https://... and again run gitlab-ctl reconfigure
P.S
Letsencrypt integration introduced in GitLab version 10.5 and disabled by default. Enabled by default in GitLab version 10.7 and later if external_url is set with the https protocol and no certificates are configured.
To find out gitlabversion: You should be logged in to access the following page: https://your.domain.name/help