How to use HTTPS on windows server? #6881

Closed
opened 2025-11-02 07:09:50 -06:00 by GiteaMirror · 3 comments

Originally created by @harkirat777 on GitHub (Feb 17, 2021).

  • Gitea version (or commit ref): 1.13.0
  • Operating system: Microsoft Server 2012 R2

Description

We are running Gitea as a Windows service. I have followed the instructions [in the docs for HTTPS setup using the built-in server](https://docs.gitea.io/en-us/https-setup/#using-the-built-in-server). But https://[HOST]:3000/ gives a certificate error on the server and the clients.
The log file has the following error:
`...c/net/http/server.go:3095:logf() [I] http: TLS handshake error from 10.X.X.X:63846: remote error: tls: unknown certificate`

Is there another step we are missing?

GiteaMirror added the type/question, issue/needs-feedback labels 2025-11-02 07:09:50 -06:00

@techknowlogick commented on GitHub (Feb 17, 2021):

`TLS handshake error from 10.X.X.X:63846: remote error: tls: unknown certificate` means that the client is offering up a certificate.

What error do browsers give when accessing your install? On your browser it'll say something like the error is due to the cert being expired, the authority is not known to your device, the cert has been revoked, or one of many more possible errors.


@harkirat777 commented on GitHub (Feb 18, 2021):

We are getting NET::ERR_CERT_AUTHORITY_INVALID.
`This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.`

How can I push this certificate to all the clients? Is there a way to accomplish this without Group Policy?


@techknowlogick commented on GitHub (Feb 18, 2021):

You either need to use a certificate that has an authority already trusted by the remote machines, or you need to push the authority to the machines. You can have people manually install the authority on their machines, but I strongly recommend using an authority that is already trusted. You could use caddyserver in front of Gitea and use their Letsencrypt DNS implementation if this instance is not available to the internet.

However, Gitea is serving the certificate you provided correctly, so I will be closing this.

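The trust failure in this thread, reproduced in Go as an added example (not Gitea's own code): a throwaway HTTPS server stands in for Gitea's built-in server, and the same URL is probed first with an empty trust store and then with the server's certificate installed as a root, which is what importing the CA into a client's Trusted Root Certification Authorities store achieves. The helper names `DiagnoseTrust` and `Demo` are my own, and httptest's self-signed localhost certificate is a constructed stand-in for the `gitea cert` output.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// DiagnoseTrust fetches url with exactly the given root pool and classifies the
// outcome. A nil pool would mean the OS store; an empty one models a client that has never seen the CA.
func DiagnoseTrust(url string, roots *x509.CertPool) (string, error) {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots},
	}}
	resp, err := client.Get(url)
	if err == nil {
		resp.Body.Close()
		return "trusted", nil
	}
	var unknownCA x509.UnknownAuthorityError
	if errors.As(err, &unknownCA) {
		// The client-side twin of NET::ERR_CERT_AUTHORITY_INVALID: the server sent
		// its chain fine, but no root in the client's store signed it.
		return "untrusted-authority", err
	}
	return "other-error", err
}

// Demo runs both probes against one server. httptest's built-in self-signed
// certificate (a constructed stand-in for the `gitea cert` output) is first unknown
// to the client, then added to its root pool, i.e. "pushed" to the client.
func Demo() (before, after string, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	before, _ = DiagnoseTrust(srv.URL, x509.NewCertPool()) // nothing trusted yet
	trusted := x509.NewCertPool()
	trusted.AddCert(srv.Certificate()) // install the CA on the client
	after, err = DiagnoseTrust(srv.URL, trusted)
	return before, after, err
}

func main() {
	before, after, err := Demo()
	fmt.Printf("empty store: %s; CA installed: %s (err=%v)\n", before, after, err)
}
```

The failing probe is what the server logs as a TLS handshake error; the alert text after "remote error" depends on the client, so a Go client and the Windows clients in this issue will not word it identically.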
Reference: github-starred/gitea#6881