When attempting to register a Gitlab-CI runner with the command gitlab-ci-multi-runner register, users may encounter an issue related to certificate validation, as evidenced by the following error message:
Post https://xxxx/ci/api/v1/runners/register.json: x509: cannot validate certificate for xxxx because it doesn't contain any IP SANs
This error stems from the runner's inability to verify the certificate presented by the Gitlab server. To address this issue, there are two recommended approaches based on the specific circumstances:
For Non-Admin Users:
If the user does not have administrative privileges on the Gitlab server, they can follow the steps outlined below to obtain the necessary certificate and register the runner successfully:
Retrieve the certificate in PEM format:
openssl s_client -connect ${SERVER}:${PORT} -showcerts </dev/null 2></dev/null | sed -e '/-----BEGIN/,/-----END/!d'Save the certificate to a file:
sudo tee "$CERTIFICATE" >/dev/null
Register the runner using the --tls-ca-file option:
gitlab-runner register --tls-ca-file="$CERTIFICATE" [other options]
For Admin Users:
If the user does have administrative access to the Gitlab server, they can resolve the issue by configuring SSL certificates with IP Subject Alternative Names (SANs), allowing the runners to validate the server's identity.
The above is the detailed content of How to Resolve GitLab-CI Runner Certificate Validation Issues?. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
