SSL certificate problem: unable to get local issuer certificate, when using https Apache proxy and Let's Encrypt certificate #1255

Closed
opened 2025-11-02 03:54:21 -06:00 by GiteaMirror · 4 comments

Originally created by @nikitos1881 on GitHub (Nov 17, 2017).

  • Gitea version (or commit ref): 1.2.3
  • Git version: 2.14.2
  • Operating system: windows 7
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [x] No
    • [ ] Not relevant
  • Log gist:

Description

I use a free Let's Encrypt (https://letsencrypt.org/) certificate and an Apache proxy. When I clone a repository I get the error "SSL certificate problem: unable to get local issuer certificate".
If I modify app.ini to use https with the options CERT_FILE and KEY_FILE with the path to the Let's Encrypt certificate, I get "SSL certificate problem: unable to get local issuer certificate". In
bag_gitea

Screenshots

GiteaMirror added the type/question label 2025-11-02 03:54:21 -06:00

@ModdyLP commented on GitHub (Nov 20, 2017):

You have not set up Gitea correctly with the reverse proxy. Your SSH and Git traffic to Gitea should always go through the proxy.

```
[server]
DOMAIN = example.com
ROOT_URL = https://example.com/
HTTP_ADDR = localhost
HTTP_PORT = 3000
DISABLE_SSH  = false
SSH_PORT     = 22
OFFLINE_MODE = false
ENABLE_GZIP  = true
LANDING_PAGE = explore
```

Pay attention to HTTP_ADDR: this should be localhost. I can't check the Apache configuration, because I use NGINX as reverse proxy.


@nikitos1881 commented on GitHub (Nov 20, 2017):

I reconfigured the Gitea config, but I get the error "SSL certificate problem: unable to get local issuer certificate".

```
[server]
DOMAIN           = test.mydomain.com
SSH_DOMAIN       = test.mydomain.com
ROOT_URL         = https://test.mydomain.com:8445/
HTTP_ADDR        = localhost
HTTP_PORT        = 3001
PROTOCOL         = http
DISABLE_SSH      = false
SSH_PORT         = 22
OFFLINE_MODE     = false
ENABLE_GZIP      = true
LANDING_PAGE     = explore
LFS_START_SERVER = true
LFS_CONTENT_PATH = /var/gitea-lfs
LFS_JWT_SECRET   = axYPyopfcWlyVflTSZVSe6JoPYc5sTGmtGtTqjxzWYI
```

Apache is configured to work with SNI (https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI): the local URL https://test:8445 uses a local self-signed certificate, and the internet URL https://test.mydomain.com:8445/ uses the Let's Encrypt certificate.
The Let's Encrypt certificate is issued only for the name test.mydomain.com.

Apache config:

```
# Establish a connection for all virtual hosts for clients without SNI
SSLStrictSNIVHostCheck off

<VirtualHost *:8445>
    ServerName test:8445

    SSLEngine On
    SSLProxyEngine On
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM

    # local self-signed certificate
    SSLCertificateFile /etc/ssl/test/server.crt
    SSLCertificateKeyFile /etc/ssl/test/server.key

    # Reverse proxy
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    #SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    RequestHeader set Front-End-Https "On"

    SSLProxyEngine      On
    ProxyRequests       Off
    ProxyPreserveHost   On
    AllowEncodedSlashes NoDecode

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # Git Repository Gitea
    ProxyPass        / http://localhost:3001/
    ProxyPassReverse / http://localhost:3001/
</VirtualHost>

<VirtualHost *:8445>
    ServerName test.mydomain.com

    #Options Indexes ExecCGI FollowSymLinks

    SSLEngine on
    SSLProxyEngine On
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM

    SSLCertificateFile /etc/ssl/zerossl/test.mydomain.com.crt
    SSLCertificateKeyFile /etc/ssl/zerossl/test.mydomain.com.key

    # Reverse proxy
    SSLProxyEngine      On
    ProxyRequests       Off
    ProxyPreserveHost   On
    AllowEncodedSlashes NoDecode

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    # Git Repository Gitea
    ProxyPass        / http://localhost:3001/
    ProxyPassReverse / http://localhost:3001/
</VirtualHost>
```

@silverwind commented on GitHub (Nov 30, 2017):

You're probably missing a SSLCertificateChainFile setting in your apache config.
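
Added example, not part of the thread or of the Gitea or Apache projects: the error from this issue reproduced offline with a constructed three-level chain, showing that a client trusting only the root rejects a leaf served alone and accepts leaf plus intermediate. The CA names, file names and helper functions are assumptions made for the demo, and it needs the `openssl` command-line tool.

```sh
#!/bin/sh
# Constructed demo PKI: "Demo Root" stands in for a CA the git client already
# trusts, "Demo Intermediate" for the issuing CA the server has to send itself.

new_csr() {  # $1 = dir, $2 = file stem, $3 = common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_chain() {  # $1 = empty working dir; builds root -> intermediate -> leaf
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    new_csr "$d" root "Demo Root"
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    new_csr "$d" int "Demo Intermediate"
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
    new_csr "$d" leaf "test.mydomain.com"
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
    # What a server with the chain configured presents: leaf first, then intermediate.
    cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# Validate the first certificate in file $2 as a client would: only the root is
# trusted; everything in $2 counts as "sent by the server" (untrusted helpers).
verify_served() {  # $1 = dir, $2 = file name inside it
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/$2" "$1/$2" 2>&1
}

# Certificates in a PEM file; 1 means the leaf is served without its chain.
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

demo() {
    d=$(mktemp -d) || return 1
    make_chain "$d" || return 1
    echo "leaf only, $(count_certs "$d/leaf.pem") certificate:"
    verify_served "$d" leaf.pem || true   # error 20: unable to get local issuer certificate
    echo "leaf + intermediate, $(count_certs "$d/fullchain.pem") certificates:"
    verify_served "$d" fullchain.pem
    rm -rf "$d"
}
demo
```

For a Let's Encrypt certificate the two-certificate file corresponds to `fullchain.pem`; since Apache 2.4.8 `SSLCertificateFile` can point at such a file directly, and `SSLCertificateChainFile` is only needed on older versions.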


@lafriks commented on GitHub (Nov 30, 2017):

Closing as unrelated to gitea and also as answered


Reference: github-starred/gitea#1255