Hello community,
I am rather new to Gitea and still working on the correct configuration.
Currently, I am stuck at receiving https-certs via ACME. I am using an internal CA based on step-ca (which is working fine with other internal services).
When using certbot to receive certificates and pointing app.ini to the cert/key-files, HTTPS is working fine, BUT: I wanted to change that to using the Gitea-internal ACME option.
The app.ini is configured as per the documentation (HTTPS Setup | Gitea Documentation) for non-letsencrypt CAs.
The issue is: my internal CA is providing the directory via http, not https (don’t ask - no chance to switch it right now). When trying to start Gitea service, it does not start the webserver stating:
cmd/web.go:377:listen() [E] Failed to start server: "gitea-server-fqdn": obtaining certificate: ["gitea-server-fqdn"] Obtain: "ca-directory-url": insecure CA URL (HTTPS required for non-internal CA)
I mean - yes, the internal CA is running with http instead of https, but the domain of the Gitea server and the CA server are the same.
I tried to check where and how Gitea checks if the CA URL is internal or external, but could not find anything. Furthermore, I can’t find any more options to turn that check off in app.ini (example file, server cheat sheet).
Any ideas how to make that work?
Thanks in advance,
Fuffnir