Unable to replace registry certificate in omnibus 8.11.0 install

Randall Smith

Aug 25, 2016, 1:44:39 PM
to GitLab
Greetings,

I have an omnibus install of gitlab (8.11.0-ce.1). My original cert did not include the certificate chain, which is causing docker to complain about the cert. I've updated the cert to include the certificate chain and ran `gitlab-ctl reconfigure` but the certificate is not updated. I tried deleting /var/opt/gitlab/registry/gitlab-registry.crt and then running reconfigure. The certificate is recreated from the old certificate.

I have this in /etc/gitlab/gitlab.rb (hostname in cert obfuscated):

registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/hostname.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/hostname.key"

My first guess is that chef is caching the certificate but I can't figure out how to clear that from the chef cache.

What is the right way to update the registry certificate?

Thanks

Randall Smith

Aug 30, 2016, 11:40:23 AM
to GitLab
Replying to my own post since no one else is. :-)

I had copied the new certificate over the old one expecting the gitlab-ctl reconfigure would pick it up. I was wrong. Even renaming the cert failed.

The solution was to change the name of the file in gitlab.rb to a file that didn't exist and run reconfigure. Of course, the restart failed. Then I fixed the file name in gitlab.rb and ran reconfigure. Boom! New cert! Now docker login works and I can use the registry.

I hope this helps someone else.
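A check for the situation in this thread, added here as an example and not part of the original posts: it compares the bundle that gitlab.rb points at with a PEM capture of what is actually in use (for instance, saved output of `openssl s_client -showcerts`), assuming the leaf certificate comes first in both. The function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_certs(text):
    """DER bytes of every CERTIFICATE block, in order; other text is ignored."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(text)]


def fingerprint(der):
    """SHA-256 over the DER encoding of one certificate."""
    return hashlib.sha256(der).hexdigest()


def check_bundle(configured_pem, in_use_pem):
    """Compare the bundle the config points at with the one actually in use."""
    configured = [fingerprint(c) for c in pem_certs(configured_pem)]
    in_use = [fingerprint(c) for c in pem_certs(in_use_pem)]
    if not configured or not in_use:
        raise ValueError("no CERTIFICATE block found")
    return {
        "configured_has_chain": len(configured) > 1,
        "in_use_has_chain": len(in_use) > 1,
        "leaf_matches": configured[0] == in_use[0],
        "stale": configured != in_use,
    }


def _pem(der):
    """Wrap bytes in a PEM CERTIFICATE block (used for the constructed sample)."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed stand-ins, not real X.509: only block order and bytes matter here.
LEAF, INTERMEDIATE = b"constructed-leaf", b"constructed-intermediate-ca"
CONFIGURED = _pem(LEAF) + _pem(INTERMEDIATE)           # new file: leaf + chain
IN_USE = "depth=0 (constructed noise)\n" + _pem(LEAF)  # still in use: leaf only

if __name__ == "__main__":
    for key, value in check_bundle(CONFIGURED, IN_USE).items():
        print(f"{key}: {value}")
```

With the sample data the leaf fingerprint matches while the bundle is still reported stale, which is why comparing only the leaf would miss a chain that was added but never picked up.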