Via Confconsole, TurnKey appliances support getting free Let's Encrypt HTTPS certificates. That generally works great and by default allows appliances to use a single cert to provide all HTTPS services (inc Webmin and Webshell).
However, on the GitLab appliance we install GitLab via their "Omnibus" installer which includes a bundled Let's Encrypt client and a different workflow for generating certs. I did initially try to work around that and use our own Let's Encrypt setup, I tried to leverage it via a custom Confconsole plugin.
It has been reported that it doesn't work as intended. Here's the exact text:
The gitlab-ctl reconfigure can't issue a certificate if letsencrypt['auto_renew'] = true. What I found is if letsencrypt['auto_renew'] = true, then letsencrypt['contact_emails'] needs be set with the an email, plus the time for renew needs be set too via letsencrypt['auto_renew_hour'], letsencrypt['auto_renew_minute'] & letsencrypt['auto_renew_day_of_month'].
i think it's better comment the lines 143 and 144 on the GitLab custom plugin
Via Confconsole, TurnKey appliances support getting free Let's Encrypt HTTPS certificates. That generally works great and by default allows appliances to use a single cert to provide all HTTPS services (inc Webmin and Webshell).
However, on the GitLab appliance we install GitLab via their "Omnibus" installer which includes a bundled Let's Encrypt client and a different workflow for generating certs. I did initially try to work around that and use our own Let's Encrypt setup, I tried to leverage it via a custom Confconsole plugin.
It has been reported that it doesn't work as intended. Here's the exact text: