https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28841
【x509: certificate relies on legacy Common Name field, use SANs instead】
1. Change all example.com for your domain
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout example.com.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.example.com" -out example.com.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com,DNS:www.example.com") -days 365 -in example.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out example.com.crt
2. Put crt and key to gitlab ssl. Stop gitlab. Start gitlab.
Check gitlab have new DNS
openssl s_client -connect example.com:443 /dev/null | openssl x509 -noout -text | grep DNS:
3. if have 【x509: certificate signed by unknown authority】
gitlab-runner register --tls-ca-file="Use just create crt file"