[emurray]

I have a website hosted there, and manually renew a let's encrypt cert for custom domain pointing to it every few months. Unfortunately this involves removing and re-adding the custom domain.

I got a notification the cert was going to expire soon so I went through my usual renewal process, only to get redirected to the linked post from the new domain button immediately after deleting the custom domain. So the custom domain now 404s which is the last thing I would have wanted.

I'd strongly suggest a warning get attached to the delete domain custom domain button, or something similar, until this is fixed.

[gitlab-security]

This is a good suggestion, and we have created an issue to implement this https://gitlab.com/gitlab-org/gitlab-ce/issues/43186. Thank you for the constructive feedback.

[no_protocol]

Thank you for the warning. I have a similar setup and luckily just renewed my Let's Encrypt cert a couple weeks ago.

That's pretty brutal for anyone whose cert is expiring right around this time, though.

[detaro]

Curious, how does your setup work that you need to do that? Don't they allow changing the cert without disabling the domain?

[emurray]

It involves using "certbot certonly -a manual" with a bunch of other flags on the command line (well in a script really), create the file it asks for and let it generate a new key.

Gitlab pages only lets you add cert/key details at the point you add the domain (afaik anyway), so you need to delete it and re-add it with the renewed key. It's tedious enough, but it's really only the last step that needs to be done manually.

[james-skemp]

I think there's an issue to make this easier, but I finally just bit the bullet and threw Cloudflare in front of it.

I really hope that GitLab will simplify this, especially with Chrome soon warning on any HTTP site.

[no_protocol]

At least when using the web interface, you need to delete the domain and then re-add it. I'm not sure if there is an alternate option via an API, never looked into it.