Gitlab unable to get local issuer certificate

Resolving SSL Certificate Issue in GitLab Runner

Do not worry if you have seen the error “fatal: unable to access ‘https://gitlab.com/my-project/my-repo.git/’: SSL certificate problem: unable to get local issuer certificate” while using GitLab. This is a common problem that can be solved in a few simple steps. In this article, we will look at the root cause of the problem and walk you through the resolution process

Created fresh repository.
fatal: unable to access 'https://gitlab.com/my-project/my-repo.git/': SSL certificate problem: unable to get local issuer certificate

Understanding the Issue

The error you are seeing is due to an issue with SSL certificate validation. When GitLab Runner attempts to access your repository via HTTPS, the SSL certificate must be verified. This error is raised if the certificate cannot be validated.

Causes of the SSL Certificate Problem

1. Outdated Certificate Authorities (CA): 

 Your system may be missing or have outdated Certificate Authority (CA) certificates.

2. Self-Signed Certificates:

 The self-signed certificate that your GitLab instance uses may not be automatically recognized by your system.

3. Network Issues:

Another possible cause of this issue during the SSL handshake is transient network problems.

Resolving the Issue

1. For self-hosted runners:

If you are having trouble running the gitlab pipeline with your self-hosted runner, you should restart the virtual machine (VM) of GitLab Runner. If the problem persists, you should also update the version of GitLab Runner.

2. Update the CA Certificates:

On Linux, you can update CA certificates using your package manager. For example, on Debian/Ubuntu:

sudo apt-get update
sudo apt-get install ca-certificates

3. Configure Git to Ignore SSL Verification (Not Recommended):

Warning: This is a workaround and not a recommended solution for security reasons.Run the following Git command to disable SSL verification for the repository:

git config --global http.sslVerify false

4. Check Your Network:

Ensure there are no temporary network issues. A stable internet connection is crucial for SSL handshakes.

5. Update GitLab Runner:

Ensure your GitLab Runner is up to date. New releases often come with fixes for known issues.

6. Verify Certificate Chain:

If your GitLab instance uses a custom SSL certificate, ensure the full certificate chain is correctly configured.

7. Investigate GitLab Instance:

Check the SSL configuration on your GitLab instance. If it’s using a self-signed certificate, consider replacing it with a CA-signed certificate.

Conclusion

Although problems with SSL certificates are common, you can quickly resolve them if you follow the correct procedures. You can resume pushing and pulling from your GitLab repository without any issues by updating your CA certificates, thinking about other protocols, and verifying your network connection.

Recall that although there are workarounds, such as turning off SSL verification, your connections’ security is still jeopardized. Addressing the underlying issue and putting safe fixes in place are advised.

Now that you know how to solve SSL certificate issues in GitLab Runner, you can spread this knowledge among your colleagues and the larger tech community, facilitating everyone’s coding experience. Have fun with coding!