Gitlab allows you to add any custom domain to your hosted website. If you want to enable an HTTPS secure connection to your domains, you can affix your own SSL/TLS digital certificate to custom domain you’ve added to your website. This is where Let’s Encrypt comes in. Let’s Encrypt give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites.
This article will guide you to obtain a certificate for custom domain
www.example.com and add it to your GitLab Pages.
For generate certificate we will be using Certbot on our local machine in manual mode. To get started you need to install certbot. Please follow instructions available at https://certbot.eff.org to setup certbot locally.
Also, before continuing make sure you have configured gitlab.com. Once you have done it succesfullly, your website will be available under both
Once, both of the above steps are done, continue with generating certificates. For the purpose of this guide, i’ll be using 23spaces.com as the example domain. So, as per your setup please change 23spaces.com to your custom domain.
Please run following command.
$ certbot certonly -a manual -d 23spaces.com -d www.23spaces.com --config-dir ~/letsencrypt/config --work-dir ~/letsencrypt/work --logs-dir ~/letsencrypt/logs
This will give show you following screen.
After this you’ll see a warning screen, choose “Yes” and continue.
After you accept that your IP will be publicly logged, a message like the following will appear:
Now it is waiting for the server to be correctly configured so it can go on. Leave this terminal window open for now.
At this stage please make necessary changes and push latest code so that requested content is available. After making sure you can press Enter in terminal. You will then see following screen.
After this you need to paste the contents of
/etc/letsencrypt/live/23spaces.com/fullchain.pem (you might need sudo to read the file) to the “Certificate (PEM)” field and
/etc/letsencrypt/live/23spaces.com/privkey.pem to the “Key (PEM)” field.
You are all set. Now, you should be able to access your website on https://
$ curl -vX HEAD https://www.23spaces.com Warning: Setting custom HTTP method to HEAD with -X/--request may not work the Warning: way you want. Consider using -I/--head instead. * Rebuilt URL to: https://www.23spaces.com/ * Trying 126.96.36.199... * Connected to www.23spaces.com (188.8.131.52) port 443 (#0) * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: 23spaces.com * Server certificate: Let's Encrypt Authority X3 * Server certificate: DST Root CA X3
Whole process of this setup is very easy, and since its also free, I see no reason not to do it.