【x509: certificate relies on legacy Common Name field, use SANs instead】

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28841

  1. Change all example.com for your domain
openssl genrsa -out ca.key 2048

openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt

openssl req -newkey rsa:2048 -nodes -keyout example.com.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.example.com" -out example.com.csr

openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com,DNS:www.example.com") -days 365 -in example.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.com.crt
  1. Put crt and key to gitlab ssl. Stop gitlab. Start gitlab.

Check gitlab have new DNS

openssl s_client -connect example.com:443 /dev/null | openssl x509 -noout -text | grep DNS:

【x509: certificate signed by unknown authority】

  1. if have 【x509: certificate signed by unknown authority】
gitlab-runner register --tls-ca-file="Use just create crt file"