Hello, thank you for this article. I had created cert by command: sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -sha256 -keyout /etc/ssl/private/nginx-selfsigned-gitlab.key -out /etc/ssl/certs/nginx-selfsigned-gitlab.crt -subj "/C=US/ST=NY/L=NY/O=GL/OU=GL/CN=gitlab.site" -addext "subjectAltName = DNS:gitlab.site" So I just copy and rename it to ca.crt. I dont understand why I need create 2 cert for this (ca.crt and gitlab.crt)?