Confconsole / GitLab appliance issue with Let's Encrypt certificate setup.

[JedMeister]

Via Confconsole, TurnKey appliances support getting free Let's Encrypt HTTPS certificates. That generally works great and by default allows appliances to use a single cert to provide all HTTPS services (inc Webmin and Webshell).

However, on the GitLab appliance we install GitLab via their "Omnibus" installer which includes a bundled Let's Encrypt client and a different workflow for generating certs. I did initially try to work around that and use our own Let's Encrypt setup, I tried to leverage it via a custom Confconsole plugin.

It has been reported that it doesn't work as intended. Here's the exact text:

The gitlab-ctl reconfigure can't issue a certificate if letsencrypt['auto_renew'] = true. What I found is if letsencrypt['auto_renew'] = true, then letsencrypt['contact_emails'] needs be set with the an email, plus the time for renew needs be set too via letsencrypt['auto_renew_hour'], letsencrypt['auto_renew_minute'] & letsencrypt['auto_renew_day_of_month'].

i think it's better comment the lines 143 and 144 on the GitLab custom plugin

[JedMeister]

I'm unclear whether this is still an issue or not. Moving to 18.0 milestone for checking and closing either way.

[JedMeister]

Oops, somehow this got overlooked in v18.x releases to date?!

We did make some significant changes to the GitLab Let's Encrypt confconsole plugin - see here

But rereading this (particularly the comment I quoted) and looking at the current code, I think this still needs to be applied/addressed!