GitLab Pages integration with Let’s Encrypt

Introduced in GitLab 12.1. For versions earlier than GitLab 12.1, see the manual Let’s Encrypt instructions. This feature is in beta and may still have bugs. See all the related issues linked from this issue’s description for more information.

The GitLab Pages integration with Let’s Encrypt (LE) allows you to use LE certificates for your Pages website with custom domains without the hassle of having to issue and update them yourself; GitLab does it for you, out-of-the-box.

Let’s Encrypt is a free, automated, and open source Certificate Authority.

Caution: This feature covers only certificates for custom domains, not the wildcard certificate required to run Pages daemon . Wildcard certificate generation is tracked in this issue.

Requirements

Before you can enable automatic provisioning of an SSL certificate for your domain, make sure you have:

  • Created a project in GitLab containing your website’s source code.
  • Acquired a domain (example.com) and added a DNS entry pointing it to your Pages website.
  • Added your domain to your Pages project and verified your ownership.
  • Verified your website is up and running, accessible through your custom domain.
Note: GitLab’s Let’s Encrypt integration is enabled and available on GitLab.com. For self-managed GitLab instances, make sure your administrator has enabled it.

Enabling Let’s Encrypt integration for your custom domain

Once you’ve met the requirements, enable Let’s Encrypt integration:

  1. Navigate to your project’s Settings > Pages.
  2. Find your domain and click Details.
  3. Click Edit in the top-right corner.
  4. Enable Let’s Encrypt integration by switching Automatic certificate management using Let’s Encrypt:

    Enable Let's Encrypt

  5. Click Save changes.

Once enabled, GitLab will obtain a LE certificate and add it to the associated Pages domain. It also will be renewed automatically by GitLab.

Notes:

  • Issuing the certificate and updating Pages configuration can take up to an hour.
  • If you already have SSL certificate in domain settings it will continue to work until it will be replaced by Let’s Encrypt’s certificate.

Troubleshooting

Error “Certificate misses intermediates”

If you get an error Certificate misses intermediates while trying to enable Let’s Encrypt integration for your domain, follow the steps below:

  1. Go to your project’s Settings > Pages.
  2. Turn off Force HTTPS if it’s turned on.
  3. Click Details on your domain.
  4. Click the Edit button in the top right corner of domain details page.
  5. Enable Let’s Encrypt integration.
  6. Click Save.
  7. Go to your project’s Settings > Pages.
  8. Turn on Force HTTPS.