Certificate misses intermediates error on GitLab Pages

Learn how to fix the Certificates misses intermediates error when you register a Let's Encrypt certificate for your site hosted on GitLab Pages.

Follow these steps to reproduce the error:

  1. Log in to GitLab and select your project.
  2. Go to Settings > Pages.
  3. Click New Domain or select Details on a domain that you already have registered.
  4. Enter your certificate in the Certificate (PEM) field and your certificate key in the Key (PEM) field.
  5. Click Create New Domain (or Save Changes) if you’re updating an existing domain.

The page displays the following error:

Certificate misses intermediates

Possible cause

GitLab Pages requires you to also upload the intermediate certificates in the chain of trust.

Solution

Download and provide the Let’s Encrypt intermediate certificate. According to Intermediate Certificates, Let’s Encrypt uses an intermediate that is cross-signed by another authority, IdenTrust. Use this cross-signed certificate as the intermediate in your GitLab Pages domain registration:

  1. Copy the cross-signed certificate text from the Let’s Encrypt site.
  2. In the Certificate (PEM) field, enter your certificate, followed by a new line, and the cross-signed certificate afterwards, as shown in the following example:
    -----BEGIN CERTIFICATE-----
    Your_certificate
    ...
    ...
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    The cross-signed_certificate
    ...
    ...
    -----END CERTIFICATE-----
    
  3. Click Save Changes.

Leave a comment