
Configuring self-hosted runners with a default self-signed certificate for GitHub Enterprise Server

Quick fix:

  1. Copy “/etc/haproxy/ssl.crt” from the GHE Server to the runner machine under “/usr/local/share/ca-certificates/”.
  2. Update the certificates on the runner server by running “sudo update-ca-certificates”.

$ az vm image list --all -f GitHub-Enterprise | grep '"urn":' | sort -V
#Standard E4s v3 (4 vcpus, 32 GiB memory)
$ az vm create -n myghesvr -g My-01-RG --size Standard_E4ds_v4 -l southeastasia --image GitHub:GitHub-Enterprise:GitHub-Enterprise:3.3.3 --storage-sku StandardSSD_LRS
$ az vm disk attach --name ghevm-data-01 --new --resource-group My-01-RG --size-gb 100 --sku Standard_LRS --vm-name myghesvr
$ az vm open-port -n myghesvr -g My-01-RG --port 8443
$ az vm open-port -n myghesvr -g My-01-RG --port 122 --priority 903
$ az vm open-port -n myghesvr -g My-01-RG --port 443 --priority 904
$ az vm open-port -n myghesvr -g My-01-RG --port 80 --priority 905


Local machine:

$ scp -P 122 admin@myghesvr.exzilla.com:/etc/haproxy/ssl.crt .
$ scp ssl.crt azuser@gherne4.exzilla.com:/home/azuser/ghe7-ssl.crt

Runner machine:

azuser@myghesvr:~$ openssl x509 -noout -text -in /etc/haproxy/ssl.crt
azuser@gherne4:~$ sudo cp ghe7-ssl.crt /usr/local/share/ca-certificates/
azuser@gherne4:~$ ls -l /usr/local/share/ca-certificates
total 4
-rw-r--r-- 1 root root 1618 Feb 13 09:35 ghe7-ssl.crt
azuser@gherne4:~$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.
azuser@gherne4:~$
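
Checks worth running on the copied file before and after update-ca-certificates, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the expected fingerprint was recorded on the GHE server with "openssl x509 -noout -fingerprint -sha256 -in /etc/haproxy/ssl.crt".

```shell
#!/bin/sh
# Added example: pre-install checks for a certificate destined for
# /usr/local/share/ca-certificates/. Function names are hypothetical.

# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# preflight_ca_cert FILE HOST EXPECTED_SHA256
# Returns 0 when FILE is fit to hand to update-ca-certificates, else:
#   2 name does not end in .crt (update-ca-certificates would skip it)
#   3 not a parseable PEM X.509 certificate
#   4 already expired
#   5 does not cover HOST
#   6 fingerprint differs from the value recorded on the GHE server
preflight_ca_cert() {
    file=$1 host=$2 expected=$3
    case $file in *.crt) ;; *) return 2 ;; esac
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || return 3
    openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1 || return 4
    openssl x509 -in "$file" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || return 5
    [ "$(cert_sha256 "$file")" = "$expected" ] || return 6
    return 0
}

# trusted_by_bundle FILE BUNDLE
# After update-ca-certificates, BUNDLE is /etc/ssl/certs/ca-certificates.crt
# on Debian/Ubuntu; exit status 0 means the bundle now anchors FILE.
trusted_by_bundle() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}
```

On the runner, call preflight_ca_cert on ghe7-ssl.crt before the "sudo cp" step, and trusted_by_bundle against /etc/ssl/certs/ca-certificates.crt after update-ca-certificates has run.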

Sample YAML file: m18h/sample-actions-ghe7-self-signed.yaml at master in fujute/m18h (github.com)

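Alternative: Disabling TLS certificate verification (the runner then accepts any certificate the server presents, so the trust-store fix above is preferable where it is possible)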

## https://docs.github.com/en/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners#disabling-tls-certificate-verification
##
export GITHUB_ACTIONS_RUNNER_TLS_NO_VERIFY=1
./config.sh --url https://github.com/octo-org/octo-repo --token
./run.sh

See Also:

* Troubleshooting GitHub Actions for your enterprise – GitHub Docs
* https://github.com/actions/runner/issues
* Monitoring and troubleshooting self-hosted runners