Ask questionsUnable to clone GitLab repositories with self signed certificate

  • Sourcegraph version: 3.2
  • Platform information: Localhost, AWS, GCP


Users are unable to clone GitLab repositories with self signed certificates – even when adding the certificate to the GitLab external service configuration as documented here:

Implementation details can be found here:

Steps to reproduce:

  1. Deploy Sourcegraph 3.2 to AWS, GCP, Digital Ocean
  2. Add a self signed certificate
  3. Configure a GitLab external service (only tested with an on-prem GitLab instance). Add the certificate details to the external service:
  4. Add the external service
  5. Click Enable on one of the repositories.

Expected behavior:

GitLab external service should use the certificate provided to clone repositories.

Actual behavior:

Repositories are discovered, but unable to clone with the following error.

repo not found (name=some-host/some/repo/path url=https://git:xxxxxx@some-host/some/repo/path.git notfound=false) because exit status 128 (output follows)
fatal: unable to access 'https://git:xxxxxx@some-host/some/repo/path.git/': SSL certificate problem: unable to get local issuer certificate

Answer questions keegancsmith

@sourcegraph/core-services so we need to update gitserver so that we git config http.sslCAInfo per repo? Alternatively we can document how users can do globally set the git config http.sslVerify. Does that sound like the path forward?


Related questions

Add loki to hot 1
Github User Rank List