Setting up a TLS/SSL certificate on GitLab Pages using Let’s Encrypt


GitLab provides a very easy and effective way to host your static websites for free. You can follow this article to set it up.

GitLab allows you to add any custom domain to your hosted website. If you want to enable a secure HTTPS connection to your domains, you can attach your own SSL/TLS digital certificate to the custom domain you’ve added to your website. This is where Let’s Encrypt comes in. Let’s Encrypt gives people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites.

This article will guide you through obtaining a certificate for the custom domain www.example.com and adding it to your GitLab Pages.

Get Started

To generate the certificate we will be using Certbot on our local machine in manual mode. To get started you need to install certbot. Please follow the instructions available at https://certbot.eff.org to set up certbot locally.

Also, before continuing, make sure you have configured gitlab.com. Once you have done so successfully, your website will be available under both http://YOURDOMAIN.org and https://YOURUSERNAME.gitlab.io

Once both of the above steps are done, continue with generating the certificates. For the purpose of this guide, I’ll be using 23spaces.com as the example domain, so change 23spaces.com to your custom domain as per your setup.

Run the following command.

$ certbot certonly -a manual -d 23spaces.com -d www.23spaces.com --config-dir ~/letsencrypt/config --work-dir ~/letsencrypt/work --logs-dir ~/letsencrypt/logs

This will show you the following screen.

[Screenshot]

After this you’ll see a warning screen; choose “Yes” and continue.

[Screenshot]

After you accept that your IP will be publicly logged, a message like the following will appear:

[Screenshot]

Now it is waiting for the server to be correctly configured so it can go on. Leave this terminal window open for now.

At this stage, make the necessary changes and push the latest code so that the requested content is available. Once you have made sure it is, press Enter in the terminal. You will then see the following screen.

[Screenshot]

And finally.

[Screenshot]

After this you need to paste the contents of /etc/letsencrypt/live/23spaces.com/fullchain.pem (you might need sudo to read the file) to the “Certificate (PEM)” field and /etc/letsencrypt/live/23spaces.com/privkey.pem to the “Key (PEM)” field.

[Screenshot]
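Before pasting the two files, it is worth confirming that they belong together and cover both hostnames. The script below is an added example, not part of the original post; its function names are illustrative, and you pass it whichever directory holds your fullchain.pem and privkey.pem (certbot writes its live/ tree under the --config-dir it was given).

```sh
#!/bin/sh
# Added example (not from the original post): pre-upload checks for the two
# PEM files. Function names and the example invocation path are illustrative.

# True if the leaf certificate (the first one in fullchain.pem, the only one
# "openssl x509" reads) carries the same public key as the private key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True if the leaf certificate is valid for hostname $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True if the key file (following certbot's symlink) has no group/other bits.
key_is_private() {
    [ "$(ls -lL "$1" | cut -c5-10)" = "------" ]
}

# Usage: check_live_dir DIR HOST...
check_live_dir() {
    dir=$1; shift
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "privkey.pem does not match the leaf certificate" >&2; return 1; }
    for host in "$@"; do
        cert_covers_host "$dir/fullchain.pem" "$host" ||
            { echo "certificate does not cover $host" >&2; return 1; }
    done
    key_is_private "$dir/privkey.pem" ||
        { echo "privkey.pem is readable by group or others" >&2; return 1; }
    echo "ok: certificate and key in $dir belong together"
}

# e.g. sh check.sh ~/letsencrypt/config/live/23spaces.com 23spaces.com www.23spaces.com
if [ "$#" -ge 2 ]; then
    check_live_dir "$@"
fi
```

A non-zero exit means one of the checks failed and the message on stderr says which; fix that before uploading the pair.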

You are all set. Now, you should be able to access your website on https://

$ curl -vX HEAD https://www.23spaces.com
Warning: Setting custom HTTP method to HEAD with -X/--request may not work the
Warning: way you want. Consider using -I/--head instead.
* Rebuilt URL to: https://www.23spaces.com/
*   Trying 104.208.235.32...
* Connected to www.23spaces.com (104.208.235.32) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: 23spaces.com
* Server certificate: Let's Encrypt Authority X3
* Server certificate: DST Root CA X3

The whole process of this setup is very easy, and since it’s also free, I see no reason not to do it.