Let's Encrypt not working

Hi,

Running Gitea 1.6.2 on a new Ubuntu instance. We can’t get LE to work:

[server]
SSH_DOMAIN       = localhost
DOMAIN           = source.example.com
HTTP_PORT        = 3000
PROTOCOL         = https
ENABLE_LETSENCRYPT = true
LETSENCRYPT_ACCEPTTOS = true
LETSENCRYPT_DIRECTORY = https
LETSENCRYPT_EMAIL = it@example.com

When we restart the service, the logs are showing this:

2018/12/27 19:48:34 [I] Log Mode: File(Info)
2018/12/27 19:48:34 [I] XORM Log Mode: File(Info)
2018/12/27 19:48:34 [I] Cache Service Enabled
2018/12/27 19:48:34 [I] Session Service Enabled
2018/12/27 19:48:34 [I] Git Version: 2.7.4
2018/12/27 19:48:34 [I] SQLite3 Supported
2018/12/27 19:48:34 [I] Run Mode: Production
2018/12/27 19:48:34 [I] Listen: https://0.0.0.0:3000
2018/12/27 19:48:34 [I] LFS server enabled
2018/12/27 19:48:34 [I] Running Let's Encrypt handler on 0.0.0.0:80

When accessing source.example.com it will redirect to https://source.example.com:3000 but the connection cannot be made, Chrome says ERR_SSL_PROTOCOL_ERROR

I tried to change the logs from info to trace as per the cheat sheet but seems to stay as info no matter what.

Any ideas how to fix it? Thanks!

Hi,
This is mine. I didn’t set SSL inside of app.ini. I set SSL inside of Nginx. In addition, I set ROOT_URL.

ROOT_URL = https://example.com

This will affect the “git clone address” which is displayed on your repository. Furthermore, I see this in my Nginx configuration.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

APP_NAME = Gogs
RUN_USER = pi
RUN_MODE = prod
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gogs
USER = root
PASSWD =
SSL_MODE = disable
PATH = data/gogs.db
[repository]
ROOT = /home/pi/gogs-repositories
[server]
DOMAIN = yourdoamin
HTTP_PORT = 3000
ROOT_URL = https://example.com
DISABLE_SSH = true
OFFLINE_MODE = false
[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ENABLE_CAPTCHA = true
REQUIRE_SIGNIN_VIEW = true
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = false
[session]
PROVIDER = file
[log]
MODE = console, file
LEVEL = Info
ROOT_PATH = /home/pi/gogs/log
[security]
INSTALL_LOCK = true
SECRET_KEY = iXAhR4z05t3Xyud
#REVERSE_PROXY_AUTHENTICATION_USER = X-Forwarded-User

I’m having the same issue, what was the problem in the end?

Why do you all need to use SSL inside Gitea itself?

I mean, yeah it’s useful and handy, but what’s different (or hard) in making up a reverse proxy with SSL in it, and localhost connection in plain HTTP (it’s server internal anyway)…?
Both Nginx and Apache2 can reverse_proxy to Gitea, you can find plenty of tutorials online.
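
The reverse-proxy layout suggested in the replies above, written out as an added example (it is not configuration posted by anyone in this thread). Assumptions: the host name source.example.com from the first post, certificates at certbot's default paths, a hypothetical ACME webroot, and Gitea listening on loopback port 3000.

```nginx
# Added example: TLS is terminated in Nginx, Gitea is reached over loopback HTTP.
# Assumed values: certbot-default certificate paths, webroot /var/www/letsencrypt.
#
# Matching Gitea app.ini [server] settings (built-in Let's Encrypt options removed):
#   PROTOCOL  = http
#   HTTP_ADDR = 127.0.0.1
#   HTTP_PORT = 3000
#   DOMAIN    = source.example.com
#   ROOT_URL  = https://source.example.com/

server {
    listen 80;
    server_name source.example.com;

    # Answer ACME HTTP-01 challenges so certificates can be issued and renewed
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed webroot
    }

    # Everything else is sent to HTTPS on the default port, not :3000
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name source.example.com;

    ssl_certificate     /etc/letsencrypt/live/source.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/source.example.com/privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 512m;   # assumed limit, sized for large pushes

    location / {
        # Plain HTTP stays on the loopback interface
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Binding Gitea to 127.0.0.1 keeps port 3000 unreachable from outside the host, so the only externally exposed listeners are Nginx on 80 and 443.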