diff options
Diffstat (limited to 'doc/administration/geo/disaster_recovery/index.md')
-rw-r--r-- | doc/administration/geo/disaster_recovery/index.md | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/doc/administration/geo/disaster_recovery/index.md b/doc/administration/geo/disaster_recovery/index.md index b6703e8a5fb..24a91a7a9c5 100644 --- a/doc/administration/geo/disaster_recovery/index.md +++ b/doc/administration/geo/disaster_recovery/index.md @@ -479,25 +479,24 @@ changing Git remotes and API URLs. external_url 'https://<new_external_url>' ``` - If you provide GitLab with its certificate - [manually](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually), - ensure: + NOTE: + Changing `external_url` does not prevent access via the old secondary URL, as + long as the secondary DNS records are still intact. - - The new URL is one of the subject alternative names: +1. Update the **secondary**'s SSL certificate: + + - If you use the [Let's Encrypt integration](https://docs.gitlab.com/omnibus/settings/ssl/index.html#enable-the-lets-encrypt-integration), + the certificate updates automatically. + - If you had [manually set up](https://docs.gitlab.com/omnibus/settings/ssl/index.html#configure-https-manually), + the **secondary**'s certificate, copy the certificate from the **primary** to the **secondary**. + If you don't have access to the **primary**, issue a new certificate and make sure it contains + both the **primary** and **secondary** URLs in the subject alternative names. You can check with: ```shell /opt/gitlab/embedded/bin/openssl x509 -noout -dates -subject -issuer \ -nameopt multiline -ext subjectAltName -in /etc/gitlab/ssl/new-gitlab.new-example.com.crt ``` - - The certificate and key filenames match the new `external_url`, - or those filenames are - [specified in `/etc/gitlab/gitlab.rb`](https://docs.gitlab.com/omnibus/settings/ssl/index.html#change-the-default-ssl-certificate-location). - - NOTE: - Changing `external_url` does not prevent access via the old secondary URL, as - long as the secondary DNS records are still intact. - 1. Reconfigure the **secondary** site for the change to take effect: ```shell |