Once installation is done, we create an ini file for Let’s Encrypt. It is clearer than a command line with multiple options.
So create the file /root/letsencrypt-config/gitlab.ini.
We use authenticator = standalone because of the GitLab Registry. The Registry can’t be started over http://, so this is the easiest option. However, the standalone authenticator starts its own temporary web server, so nginx has to be down while Let’s Encrypt runs.
Now we create a small script, /root/letsencrypt-config/renew-ssl-certificates.cron, to renew the certificates automatically from cron.
The script stops GitLab’s nginx server, calls Let’s Encrypt to renew our certificates, then starts the nginx server again.
Then we put the script into cron.monthly and generate the certificates manually the first time.
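One way to write the renewal script described above so that nginx is started again even when the renewal fails. This is an added example, not the author's script: the client name `letsencrypt`, the `certonly -c` invocation and the overridable variables are assumptions.

```shell
#!/bin/sh
# Added example: stop nginx, renew, and always start nginx again.
# Assumptions: the Let's Encrypt client is on PATH as "letsencrypt" and
# reads the ini file through -c; each variable can be overridden from the environment.
GITLAB_CTL="${GITLAB_CTL:-gitlab-ctl}"
LE_CLIENT="${LE_CLIENT:-letsencrypt}"
LE_CONFIG="${LE_CONFIG:-/root/letsencrypt-config/gitlab.ini}"

renew_certificates() {
    # The standalone authenticator needs the web ports, so nginx must be down.
    if ! "$GITLAB_CTL" stop nginx; then
        echo "could not stop nginx, renewal skipped" >&2
        return 2
    fi

    # Keep the client's exit status instead of aborting here: a failed
    # renewal must not leave GitLab without its web server.
    le_rc=0
    "$LE_CLIENT" certonly -c "$LE_CONFIG" || le_rc=$?

    if ! "$GITLAB_CTL" start nginx; then
        echo "nginx did not start again after the renewal attempt" >&2
        return 3
    fi

    if [ "$le_rc" -ne 0 ]; then
        echo "certificate renewal failed (client exit status $le_rc)" >&2
    fi
    # A non-zero status makes cron mail the error output to root.
    return "$le_rc"
}

# Only act when asked to, so the file can be sourced without side effects.
if [ "${1:-}" = "--run" ]; then
    renew_certificates
fi
```

Run it with `--run` from the cron script; a non-zero exit status tells you whether nginx or the renewal was the step that failed.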
To finish, we configure GitLab to use the certificates.