Git LFS give x509: certificate signed by unknown authority

Question

I have just setup an Ubuntu 18.04 LTS Server with Gitlab following the instructions from https://about.gitlab.com/install/#ubuntu .

I have issued a ssl certificate from GoDaddy and confirmed this works with the Gitlab server.

I have then updated gitlab.rb: gitlab_rails['lfs_enabled'] = true

I have installed GIT LFS Client from https://git-lfs.github.com/ .

I have then tried to find a solution online on why I do not get LFS to work. I always get

x509: certificate signed by unknown authority

Other settings done in gitlab.rb :

gitlab_workhorse[‘env’] = {
‘SSL_CERT_DIR’ => ‘/opt/gitlab/embedded/ssl/certs/’
}
nginx[‘redirect_http_to_https’] = true

I am not an expert on Linux/Unix/git - but have used Unix/Linux for some 30+ years and git for a number of years - not just setup git with LFS myself before.

Answer 1

I just had that same issue while running git clone ... to download source code from a private Git repository in BitBucket into a Docker image. I solved it by disabling the SSL check like so:

GIT_SSL_NO_VERIFY=1 git clone ...

Notice that there is no && between the Environment arg and the git clone command.

You can also set that option using git config :

git config http.sslverify false

For my use case in building a Docker image it is easier to set the Env var.

Answer 2

The problem is that Git LFS finds certificates differently than the rest of Git.

It might need some help to find the correct certificate.

I and my users solved this by pointing http.sslCAInfo to the correct location.

git config http.sslCAInfo ~/.ssh/id_ed25519 where id_ed25519 is the users private key for the problematic repo so change as appropriate.