[detaro]

Curious, how does your setup work that you need to do that? Don't they allow changing the cert without disabling the domain?

[emurray]

It involves using "certbot certonly -a manual" with a bunch of other flags on the command line (well in a script really), create the file it asks for and let it generate a new key.

Gitlab pages only lets you add cert/key details at the point you add the domain (afaik anyway), so you need to delete it and re-add it with the renewed key. It's tedious enough, but it's really only the last step that needs to be done manually.

[james-skemp]

I think there's an issue to make this easier, but I finally just bit the bullet and threw Cloudflare in front of it.

I really hope that GitLab will simplify this, especially with Chrome soon warning on any HTTP site.

[no_protocol]

At least when using the web interface, you need to delete the domain and then re-add it. I'm not sure if there is an alternate option via an API, never looked into it.