In this post, I will list the steps I followed to renew the GitLab Pages HTTPS certificate for this website. This post assumes that the certificate has already expired, and hence the certbot verification that is required to generate a new certificate will not work over https, only http.

Prepare for a new certificate

  1. Edit config.toml and change https to http. This is necessary for certbot verification.
  2. Under the GitLab project Settings in the left column, click on Pages. Delete the https domain.
  3. Uncheck ‘Force domains with SSL certificates to use HTTPS’.
  4. Create a new domain with no certificate values (Certificate PEM and Key PEM).
  5. This will create a new TXT record generated by GitLab for domain verification. Go to your domain provider and add the TXT record. Click ‘Verify’ on the GitLab TXT domain verification page.

Create the certificate

  1. If you don’t have certbot installed, install it on your Mac using brew install certbot.
  2. Do a git pull to ensure you have an updated local copy of the repository.
  3. Run sudo certbot certonly -a manual -d d3vlabs.com to generate new verification links. Keep this window open. You’ll need it in step 7.
  4. Update the repository under ./static/.well-known/acme-challenge with the challenge file that the certbot session asks for.
  5. Do a git push to update the GitLab repository to enable verification.
  6. Ensure that the link returns the expected response by running curl <http link from certbot>. This should return the response expected by the certbot session in step 3.
  7. Confirm the certbot session opened in step 3. This will generate fullchain.pem and privkey.pem.
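
The checks in steps 4 and 6, as an added shell example that is not part of the original post: it writes the challenge file under ./static/.well-known/acme-challenge and compares what is stored or served against the value certbot printed. The function names and the TOKEN and KEYAUTH arguments are assumptions; pass the two values shown by your own certbot session.

```shell
#!/bin/sh
# Added example: checks for a certbot manual HTTP-01 challenge file.
# TOKEN (the file name) and KEYAUTH (the file content) are the two values
# printed by the certbot session; function names here are assumptions.
CHALLENGE_DIR="${CHALLENGE_DIR:-./static/.well-known/acme-challenge}"

# valid_keyauth TOKEN KEYAUTH
# KEYAUTH must be "<token>.<account key thumbprint>", both parts base64url.
# Rejecting other characters also keeps "/" and ".." out of the file name.
valid_keyauth() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$2" in "$1".*) ;; *) return 1 ;; esac
    thumb="${2#"$1".}"
    case "$thumb" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# write_challenge TOKEN KEYAUTH (step 4): create the file to commit and push.
write_challenge() {
    valid_keyauth "$1" "$2" || { echo "malformed token or key authorization" >&2; return 1; }
    mkdir -p "$CHALLENGE_DIR" && printf '%s' "$2" > "$CHALLENGE_DIR/$1"
}

# check_local TOKEN KEYAUTH: the file in the repository holds only KEYAUTH.
check_local() {
    [ -f "$CHALLENGE_DIR/$1" ] || return 1
    [ "$(cat "$CHALLENGE_DIR/$1")" = "$2" ]
}

# check_remote DOMAIN TOKEN KEYAUTH (step 6): fetch over plain http.
# Redirects are not followed, so a leftover redirect to https fails the check.
check_remote() {
    body=$(curl -fsS --max-time 10 "http://$1/.well-known/acme-challenge/$2") || return 1
    [ "$body" = "$3" ]
}

# Usage, with the values from your own certbot session:
#   write_challenge "$TOKEN" "$KEYAUTH"      # then git add, commit and push
#   check_remote d3vlabs.com "$TOKEN" "$KEYAUTH" && echo "response matches"
```

A static site generator that wraps the file in a page template or serves it from a different path will make check_remote fail even though check_local passes.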

Update the certificate on GitLab

  1. Under the GitLab project Settings in the left column, click on Pages. Delete the http domain.
  2. Check ‘Force domains with SSL certificates to use HTTPS’.
  3. Create a new domain with the new certificate values generated in step 7 from the previous section.
  4. This will create a new TXT record generated by GitLab for domain verification. Go to your domain provider and add the TXT record. Click ‘Verify’ on the GitLab TXT domain verification page.