Vague TLS error when registering and remote server doesn't send intermediate CA certs
I added the SSL cert to the /etc/gitlab/ssl
folder on the Gitlab (omnibus) server, and had no issue accessing the page in Chrome. Every attempt to register using the runner failed, however.
The issue was that I didn't add the intermediate CA certificate to the .crt
file, but it took a lot of debugging to work out where the issue lay, as the error message was:
Post https://ci.example.com.au/api/v1/runners/register.json: x509: certificate signed by unknown authority
This error led me down a rabbit hole of checking the root certificate was recognised etc., when it was entirely unrelated.
Is it possible to get more specific error messages around certificate failures over SSL? Also, would it be worthwhile documenting this as a gotcha? I could access that site in multiple browsers, and it would show up as entirely secure according to the address bar etc, so I didn't realise anything was wrong until I ran the test from https://www.ssllabs.com/ssltest/index.html.