What version of Ansible are you running? There were some changes in 1.5.3+ to address certificate validation issues on Ubuntu systems. Also please make sure that you have the correct CA package installed (ca-certificates) and that the /etc/ssl/certs/ directory is present and contains certificates.
On Mon, Apr 28, 2014 at 5:48 PM, Joost Cassee <[email protected]> wrote: > Hi, > > I am using the latest commit from the devel branch, and I am having > difficulty adding an Apt repository. The system I am running Ansible on is > Ubuntu 12.04, the provisioned host is running 14.04. I am using this task: > > - apt_repository: repo='ppa:webupd8team/java' > > The error is: > msg: Failed to validate the SSL certificate for launchpad.net:443. Use > validate_certs=no or make sure your managed systems have a valid CA > certificate installed. Paths checked for this platform: /etc/ssl/certs, > /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, > /usr/share/ca-certificates/cacert.org, /etc/ansible > > I tried extracting the CA certificate file that urls.py builds and pass it > to gnutls-cli to check whether the CA certificate is indeed missing: > > $ gnutls-cli --x509cafile certstmp.pem launchpad.net > Processed 332 CA certificate(s). > [...] > - Certificate[0] info: > - subject `OU=Domain Control Validated,CN=launchpad.net', issuer > `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://cer > ts.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - > G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2 > 014-04-08 05:33:03 UTC', expires `2014-07-25 18:24:13 UTC', SHA-1 > fingerprint `3e6aa453dcc8f9888e7ee368b374d9e2b21917c5' > - Certificate[1] info: > - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU= > http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certifica > te Authority - G2', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, > Inc.,CN=Go Daddy Root Certificate Authority - G2', RSA key > 2048 bits, signed using RSA-SHA256, activated `2011-05-03 07:00:00 UTC', > expires `2031-05-03 07:00:00 UTC', SHA-1 fingerprint `27a > c9369faf25207bb2627cefaccbe4ef9c319b8' > - Certificate[2] info: > - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,CN=Go Daddy > Root Certificate Authority - G2', issuer `C=US,O=The Go > Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key > 2048 bits, signed using RSA-SHA256, activated `2014-01-01 > 07:00:00 UTC', expires `2031-05-30 07:00:00 UTC', SHA-1 fingerprint > `340b2880f446fcc04e59ed33f52b3d08d6242964' > - The hostname in the certificate matches 'launchpad.net'. > - Peer's certificate is trusted > [...] > > What else can I do to debug this problem? > > Regards, > Joost > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMFyvFhNi5kM8ht-ZdRZLcDUO0jZzL%3Dm25y7P-pBvpgAg4SDMg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
