Christopher Orr
2014-Mar-24 14:10 UTC
[Puppet Users] Broken certificate chain on apt.puppetlabs.com?
Hi all,

I just noticed that some of my servers are having trouble while running `apt-get update`, apparently due to TLS issues with apt.puppetlabs.com.

`apt-get update` returns:

    W: Failed to fetch https://apt.puppetlabs.com/dists/lucid/main/source/Sources.gz server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

However, I can access https://apt.puppetlabs.com fine via curl or Chrome, and the relevant root certificate is indeed in /etc/ssl/certs/ca-certificates.crt.

But on closer inspection, it seems that the certificate chain returned when connecting to apt.puppetlabs.com contains two copies of the *.puppetlabs.com certificate as the first two links in the chain. I imagine it's possible that certain clients reject this as invalid.

Has anybody else noticed this behaviour?

In the meantime, I see that newer "puppetlabs-release-*.deb" packages use http://apt.puppetlabs.com (i.e. no https://), so I guess I have some apt-sources updating to do...

Regards,
Chris
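The chain shape described in the post (the same certificate sent twice in a row) can be checked mechanically. The following is an added example, not part of the original message: it reads the PEM blocks from a saved chain, such as the output of `openssl s_client -showcerts`, and reports any certificate that appears more than once. The function names are hypothetical and the certificate bodies in the sample are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def chain_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of each certificate, in served order."""
    prints = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def duplicate_positions(pem_text):
    """Map fingerprint -> chain positions for certificates sent more than once."""
    seen = {}
    for index, fp in enumerate(chain_fingerprints(pem_text)):
        seen.setdefault(fp, []).append(index)
    return {fp: pos for fp, pos in seen.items() if len(pos) > 1}


def _pem(raw):
    # Constructed stand-in: wraps arbitrary bytes in PEM armour. These are
    # placeholders, not real certificates; only byte identity matters here.
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


LEAF = _pem(b"constructed-leaf-" * 8)
INTERMEDIATE = _pem(b"constructed-intermediate-" * 8)

# Shape described in the post: the leaf appears as the first two links.
# The " N s:" lines imitate the text s_client prints between certificates.
SAMPLE_CHAIN = (" 0 s:constructed leaf\n" + LEAF
                + " 1 s:constructed leaf\n" + LEAF
                + " 2 s:constructed intermediate\n" + INTERMEDIATE)

if __name__ == "__main__":
    for fp, positions in duplicate_positions(SAMPLE_CHAIN).items():
        print("duplicate certificate at chain positions", positions, fp[:16])
```

Comparing fingerprints of the decoded bytes avoids false mismatches caused by differing PEM line wrapping or whitespace between two copies of the same certificate.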