noschvie - Sat, 2021/11/06 - 13:47
Hello
I have a TurnKey Gitea appliance running on my local network.
How can I solve this error? Thanks!
git clone https://gitea.<my domain>/noschvie/Liechtenstein.git
SSL: certificate subject name (gitea) does not match target host name 'gitea.<my domain>'
I tried this, but it didn't solve it:
openssl s_client -showcerts -servername gitea.<my domain> -connect gitea.<my domain>:443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > gitea-<my domain>.pem
cat gitea-<my domain>.pem | sudo tee -a /etc/ssl/certs/ca-certificates.crt
The "proper" fix is to get a CA signed cert.
Three options that I can think of:
"Proper" certificate
If your server is available publicly, then the best way to fix this issue would be to use our built-in Confconsole tool. That has a Let's Encrypt integration (Let's Encrypt provide free TLS/SSL certs). That will get you a "proper" CA signed certificate which should "just work".
Set up your own CA
If that's not an option and/or you don't want your server publicly available, then you'll need to create your own CA (certificate authority). All of your clients will also need to have the associated CA cert imported. A quick google turned up quite a few tutorials (e.g. here's one and here's another). I haven't tested them, but on face value they look reasonable.
We do have a tool for generating TLS/SSL certs, which would allow you to generate a cert that does include your domain and can also generate a CSR (certificate signing request; which you then need to sign with your CA private key). Our tool is called 'turnkey-make-ssl-cert'. Unfortunately, I'm not super familiar with it, nor am I an expert with TLS/SSL certs, so I'm not going to offer any advice there, but its help output might help?
Having said that, it might just be easier to follow the instructions in one of those tutorials (and use openssl directly)!?
Regardless, once you have generated your new certs, then be sure that the certs are loaded by Nginx (the webserver used in the Gitea appliance). The paths can be found in /etc/nginx/include/ssl. Once that's set up, then restart Nginx:
Just use plain http
If you are running it within your local network, then the super easy workaround is to just use vanilla http URLs. I.e. just drop the 's' like this
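The "set up your own CA" route sketched with openssl directly, as an added example that is not part of the original thread or TurnKey's tooling. It shows that trust and name matching are separate checks: a certificate chaining to a trusted CA still fails when the requested host name is not in its subjectAltName. HOST, the CA name and the file names are assumed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). HOST is a placeholder: use the exact
# host name that appears in your clone URL.
HOST="${HOST:-gitea.example.lan}"
WORK="$(mktemp -d)"
CFG="$WORK/openssl.cnf"

# One config file holds the extension profiles for both certificates.
cat > "$CFG" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$HOST
EOF

make_ca() {   # self-signed root; ca.key stays private, only ca.crt goes to clients
    openssl req -x509 -config "$CFG" -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 3650 -subj "/CN=Example Home Lab CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

make_server_cert() {   # key + CSR for HOST, then sign the CSR with the CA key
    openssl req -new -config "$CFG" -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 365 -sha256 \
        -extfile "$CFG" -extensions v3_srv -out "$WORK/server.crt" 2>/dev/null
}

check_name() {   # succeeds only if the chain is trusted AND the name matches
    openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$1" \
        "$WORK/server.crt" >/dev/null 2>&1
}

make_ca && make_server_cert
check_name "$HOST" && echo "OK: $HOST is in the certificate"
check_name "gitea" || echo "mismatch: short name 'gitea' is not in the certificate"
```

Clients import only ca.crt (on Debian-based systems, copy it to /usr/local/share/ca-certificates/ and run update-ca-certificates); server.crt and server.key go wherever /etc/nginx/include/ssl points.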