Let's Encrypt not working


#1

Hi,

Running Gitea 1.6.2 on a new ubuntu instance. We can’t make LE to work:

[server]
SSH_DOMAIN       = localhost
DOMAIN           = source.example.com
HTTP_PORT        = 3000
PROTOCOL         = https
ENABLE_LETSENCRYPT =    true
LETSENCRYPT_ACCEPTTOS = true
LETSENCRYPT_DIRECTORY = https
LETSENCRYPT_EMAIL= it@example.com

When we restart the service, the logs are showing this:

2018/12/27 19:48:34 [I] Log Mode: File(Info)
2018/12/27 19:48:34 [I] XORM Log Mode: File(Info)
2018/12/27 19:48:34 [I] Cache Service Enabled
2018/12/27 19:48:34 [I] Session Service Enabled
2018/12/27 19:48:34 [I] Git Version: 2.7.4
2018/12/27 19:48:34 [I] SQLite3 Supported
2018/12/27 19:48:34 [I] Run Mode: Production
2018/12/27 19:48:34 [I] Listen: https://0.0.0.0:3000
2018/12/27 19:48:34 [I] LFS server enabled
2018/12/27 19:48:34 [I] Running Let's Encrypt handler on 0.0.0.0:80

When accessing source.example.com it will redirect to https://source.example.com:3000 but the connection cannot be made, Chrome says ERR_SSL_PROTOCOL_ERROR

I tried to change the logs from info to trace as per the cheat sheet but seems to stay as info no matter what.

any ideas how to fix it? thanks!


#2

Hi,
This is mine. It didn’t set ssl inside of app.ini. I set ssl inside of Nginx. In addition, I set ROOT_URL.

ROOT_URL = https://example.com

This will affect the “git clone address” which is displaying on your repository. Furthermore, I see this in my Nginx configuration.

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

APP_NAME = Gogs
RUN_USER = pi
RUN_MODE = prod
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gogs
USER = root
PASSWD =
SSL_MODE = disable
PATH = data/gogs.db
[repository]
ROOT = /home/pi/gogs-repositories
[server]
DOMAIN = yourdoamin
HTTP_PORT = 3000
ROOT_URL = https://example.com
DISABLE_SSH = true
OFFLINE_MODE = false
[service]
REGISTER_EMAIL_CONFIRM = true
ENABLE_NOTIFY_MAIL = true
DISABLE_REGISTRATION = false
ENABLE_CAPTCHA = true
REQUIRE_SIGNIN_VIEW = true
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = false
[session]
PROVIDER = file
[log]
MODE = console, file
LEVEL = Info
ROOT_PATH = /home/pi/gogs/log
[security]
INSTALL_LOCK = true
SECRET_KEY = iXAhR4z05t3Xyud
#EVERSE_PROXY_AUTHENTICATION_USER = X-Forwarded-User