I'm trying to tweak GitLab Pages (10.8.2) with the objective of having its Pages domain (example.io) TLS-enabled with Let's Encrypt.
I have a working Pages setup on regular HTTP with:
pages_external_url "http://example.io"
The idea I found on Google is to provide the following to serve the certbot challenges:
pages_nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/letsencrypt; }"
Then I issue gitlab-ctl reconfigure.
Then I create a test file at /var/www/letsencrypt/bla
and try to access it with a browser at http://example.io/.well-known/bla with no success: I get a 301
and am redirected to the main GitLab domain at https://example.ltd/.well-known/bla (the main GitLab is already TLS-enabled).
What am I missing here?
First of all, as stated about ACME:
"wildcard domains must be validated using the DNS-01 challenge type"
so trying to set up a webroot for *.example.io challenges is useless.
Second, with the Nginx setup above, the file is rather expected at /var/www/letsencrypt/.well-known/bla
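The path mapping behind the second point, as an added example that is not part of the original answer: with `root`, nginx appends the full request URI to the directory, whereas `alias` (shown only for contrast, it is not in the question's config) replaces the location prefix. The function names and the temporary webroot standing in for /var/www/letsencrypt are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration: where nginx looks for a file under a prefix location.
#   root  DIR -> DIR + full request URI
#   alias DIR -> DIR + request URI with the location prefix stripped

# resolve_root DIR URI
resolve_root() {
    printf '%s%s\n' "${1%/}" "$2"
}

# resolve_alias DIR LOCATION_PREFIX URI
resolve_alias() {
    printf '%s%s\n' "${1%/}" "${3#"$2"}"
}

# served MODE DIR LOCATION_PREFIX URI
# Prints "200 <path>" if the resolved file exists, "404 <path>" otherwise.
served() {
    case "$1" in
        root)  path=$(resolve_root "$2" "$4") ;;
        alias) path=$(resolve_alias "$2" "$3" "$4") ;;
        *)     echo "unknown mode: $1" >&2; return 2 ;;
    esac
    if [ -f "$path" ]; then
        echo "200 $path"
    else
        echo "404 $path"
    fi
}

demo() {
    webroot=$(mktemp -d)    # constructed stand-in for /var/www/letsencrypt

    # Layout from the question: test file directly in the webroot.
    echo test > "$webroot/bla"
    served root "$webroot" /.well-known /.well-known/bla

    # Layout the `root` directive expects, which is also where certbot's
    # webroot plugin writes (<webroot>/.well-known/acme-challenge/<token>).
    mkdir -p "$webroot/.well-known"
    echo test > "$webroot/.well-known/bla"
    served root "$webroot" /.well-known /.well-known/bla

    rm -rf "$webroot"
}

demo
```

This covers only the file lookup once a request reaches that location block; it does not model the 301 redirect described in the question.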