Unable to clone GitLab repositories with self signed certificate

Created by: KattMingMing

  • Sourcegraph version: 3.2
  • Platform information: Localhost, AWS, GCP

Details

Users are unable to clone GitLab repositories with self-signed certificates – even when adding the certificate to the GitLab external service configuration as documented here: https://docs.sourcegraph.com/admin/external_service/gitlab#configuration

Implementation details can be found here: https://sourcegraph.com/github.com/sourcegraph/[email protected]/-/blob/cmd/repo-updater/repos/gitlab.go#L243

Steps to reproduce:

  1. Deploy Sourcegraph 3.2 to AWS, GCP, Digital Ocean
  2. Add a self-signed certificate
  3. Configure a GitLab external service (only tested with an on-prem GitLab instance). Add the certificate details to the external service: https://docs.sourcegraph.com/admin/external_service/gitlab#configuration
  4. Add the external service
  5. Click Enable on one of the repositories.

Expected behavior:

GitLab external service should use the certificate provided to clone repositories.

Actual behavior:

Repositories are discovered, but cannot be cloned; the clone fails with the following error:

repo not found (name=some-host/some/repo/path url=https://git:xxxxxx@some-host/some/repo/path.git notfound=false) because exit status 128 (output follows)
fatal: unable to access 'https://git:xxxxxx@some-host/some/repo/path.git/': SSL certificate problem: unable to get local issuer certificate
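
An added example, not part of the original report and not Sourcegraph's code: it shows that a certificate trusted by one TLS client has no effect on a second client that uses the default trust store, which is worth checking when discovery succeeds but the clone is rejected. The function name probe is hypothetical, and a local test server with a certificate unknown to the system store stands in for the self-signed GitLab host.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe requests the same TLS server with two clients and reports
// whether the client holding the certificate succeeded, plus the error
// returned to the client that only has the default trust store.
func probe() (pinnedOK bool, defaultErr error) {
	// Constructed stand-in for the self-signed host (assumption).
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	defer srv.Close()

	// Client 1: the server certificate is added as a trust anchor,
	// like a certificate supplied in a service configuration.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinned := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool},
	}}
	if resp, err := pinned.Get(srv.URL); err == nil {
		resp.Body.Close()
		pinnedOK = resp.StatusCode == http.StatusOK
	}

	// Client 2: a separate client with no extra roots, like a
	// subprocess that was never told about the certificate.
	plain := &http.Client{Transport: &http.Transport{}}
	resp, err := plain.Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return pinnedOK, err
}

func main() {
	ok, err := probe()
	fmt.Println("client with certificate succeeded:", ok)
	fmt.Println("client with default trust store:", err)
}
```

The second client fails certificate verification even though the first succeeds against the same server, so each component that opens a TLS connection needs the certificate in the trust store it actually reads.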