Gitlab : Peer's certificate issuer has been marked as not trusted by the user

I have an on-prem gitlab where I am trying to run some builds/pipeline but I am getting the below error -

    fatal: unable to access 'https://gitlab-ci-token:[MASKED]@gitlab.systems/testing/test-project-poc.git/': Peer's certificate issuer has been marked as not trusted by the user.

I have already looked into this - Gitlab:Peer's Certificate issuer is not recognized and followed the steps of obtaining the .pem file by merging the server certificate, intermediate certificate and root certificate but I am still getting the below error and really struggling to find the root cause.

/etc/gitlab/gitlab.rb config

    ##! enable/disable 2-way SSL client authentication
    #nginx['ssl_verify_client'] = "off"

    ##! if ssl_verify_client on, verification depth in the client certificates chain
    #nginx['ssl_verify_depth'] = "1"

    nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.systems.pem"
    nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.systems.key"

Is there any other configuration which I need to update/modify? Any guidance is really appreciated.

Bushelman answered 5/10, 2020 at 13:42 Comment(0)
6

I am guessing you are using a self-signed certificate. If that is the case, you have two options to rectify this issue:

  1. Recommended option: Here again I assume that you have already solved the issue between the gitlab-runner and gitlab itself, hence you registered the runner successfully. So you already have the certificate file in /etc/gitlab-runner/certs. So on the server hosting the gitlab-runner, run the below command:

    git config --system http.sslCAInfo /etc/gitlab-runner/certs/CERTIFICATE_NAME.crt

  2. This is unsafe: Here you just disable the git https certificate verification:

    git config --system http.sslverify false

Concernment answered 22/10, 2020 at 13:52 Comment(2)
Option number 1 here solved my "Peer's Certificate issuer is not recognized" problem. - Dragster
The only issue I had here with option 1 is that the "gitlab-runner" user didn't have permissions to read the /etc/gitlab-runner directory. - Nomism
0

My /etc/gitlab-runner/certs/blablabl.cer had to have the complete chain/root as per https://docs.gitlab.com/runner/configuration/tls-self-signed.html - which is a little weird since the production server has the smaller one and works. Restarted the runner.

Visibility answered 19/12, 2023 at 18:42 Comment(0)
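
The script below is an added example, not part of any answer above: a preflight for the CA file that `http.sslCAInfo` points at, covering the two problems reported in this thread (the gitlab-runner user being unable to read the file, and a bundle that lacks the chain/root). The script name `ca_preflight.sh`, the file name `NAME.crt` and port 443 are assumptions.

```sh
#!/bin/sh
# Added example. Run it as the account that executes jobs, e.g.
#   sudo -u gitlab-runner sh ca_preflight.sh /etc/gitlab-runner/certs/NAME.crt gitlab.systems
# ca_preflight.sh and NAME.crt are placeholder names.

# Print the number of PEM certificate blocks in a file (0 if none or unreadable).
pem_cert_count() {
    _n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null) || true
    echo "${_n:-0}"
}

# Return 0 if the current user can read the file. Otherwise report every
# parent directory that cannot be traversed and return 1.
check_readable() {
    [ -r "$1" ] && return 0
    _d=$(dirname "$1")
    while [ "$_d" != "/" ] && [ "$_d" != "." ]; do
        [ -x "$_d" ] || echo "cannot traverse $_d (missing or no x permission)" >&2
        _d=$(dirname "$_d")
    done
    echo "cannot read $1 as $(id -un)" >&2
    return 1
}

# 0 = readable with at least one certificate, 1 = unreadable, 2 = no certificates.
check_bundle() {
    check_readable "$1" || return 1
    _c=$(pem_cert_count "$1")
    [ "$_c" -ge 1 ] || { echo "$1: no PEM certificates" >&2; return 2; }
    echo "$1: $_c certificate(s)"
    [ "$_c" -ge 2 ] || echo "note: one certificate only; fine if it is self-signed, otherwise the chain is incomplete" >&2
    return 0
}

# Subject and issuer of each certificate in the bundle, in file order.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Handshake with the server (port 443 assumed), verifying against the CA file.
verify_server() {
    echo | openssl s_client -connect "$2:443" -servername "$2" -CAfile "$1" 2>/dev/null | grep 'Verify return code'
}

if [ "$#" -ge 1 ]; then
    check_bundle "$1" && show_chain "$1"
    [ -z "${2:-}" ] || verify_server "$1" "$2"
fi
```

A result of `Verify return code: 0 (ok)` from the last step means the bundle is sufficient to validate the server's certificate; any other code names the missing or untrusted link.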
