I’m hosting this mini-blog on GitLab Pages, but using my own domain, so I need Let’s Encrypt for a secure page. I needed certbot for creating a certificate, and an Ubuntu virtual machine since certbot throws compatibility warnings on mac OS.

I created an Ubuntu 16.04 virtual machine, did git clone https://github.com/certbot/certbot and then ran the ./certbot-auto certonly --manual -d devlog.cemkesemen.com command.

At one point, certbot warned me that my IP would be publicly logged, so I wanted to use one of my web hosts IP for the request. I installed sshuttle to quickly ssh/proxy from one of my web servers on RamNode^{(affiliate link)}.

git clone https://github.com/sshuttle/sshuttle.git
sudo apt-get install python3-setuptools
cd sshuttle
sudo python3 ./setup.py install

Then I tmux’ed a new session, sshuttle‘ed from one window, and ran certbot again from another.

At one point, Let’s Encrypt asks to see a key at a certain page. Since I’m using Hugo, I created the directory and page in the static directory, pushed the page and told certbot to continue.

Once done, certbot gives a location for the keys.

sudo su
cd /etc/letsencrypt/live/devlog.cemkesemen.com

There are two files that are needed for GitLab; fullchain.pem goes to the Certificate (PEM) area, and privkey.pem goes to Key (PEM) are on New Pages Domain page.

After this, run the latest pipeline again, and you should have your page secured. Or, if you are running Hugo, change your baseURL to your new domain and do a git push.