Sorry for missing that. Could you please open an issue for this on github so we can keep track of it?
Thanks! On Tue, Apr 29, 2014 at 12:08 AM, Joost Cassee <[email protected]> wrote: > Hi James, > > Thanks for the ideas. As I mentioned, I am using the latest commit from > devel, and have all the certificates. In fact, I showed that if I take the > temporary file with CA certificates that Ansible creates and use it with > gnutls-cli then the launchpad.net certificate validates. > > Regards, > Joost > Op 29 apr. 2014 02:58 schreef "James Cammarata" <[email protected]>: > >> What version of Ansible are you running? There were some changes in >> 1.5.3+ to address certificate validation issues on Ubuntu systems. Also >> please make sure that you have the correct CA package installed >> (ca-certificates) and that the /etc/ssl/certs/ directory is present and >> contains certificates. >> >> >> On Mon, Apr 28, 2014 at 5:48 PM, Joost Cassee <[email protected]> wrote: >> >>> Hi, >>> >>> I am using the latest commit from the devel branch, and I am having >>> difficulty adding an Apt repository. The system I am running Ansible on is >>> Ubuntu 12.04, the provisioned host is running 14.04. I am using this task: >>> >>> - apt_repository: repo='ppa:webupd8team/java' >>> >>> The error is: >>> msg: Failed to validate the SSL certificate for launchpad.net:443. Use >>> validate_certs=no or make sure your managed systems have a valid CA >>> certificate installed. Paths checked for this platform: /etc/ssl/certs, >>> /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, >>> /usr/share/ca-certificates/cacert.org, /etc/ansible >>> >>> I tried extracting the CA certificate file that urls.py builds and pass >>> it to gnutls-cli to check whether the CA certificate is indeed missing: >>> >>> $ gnutls-cli --x509cafile certstmp.pem launchpad.net >>> Processed 332 CA certificate(s). >>> [...] >>> - Certificate[0] info: >>> - subject `OU=Domain Control Validated,CN=launchpad.net', issuer >>> `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://cer >>> ts.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - >>> G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2 >>> 014-04-08 05:33:03 UTC', expires `2014-07-25 18:24:13 UTC', SHA-1 >>> fingerprint `3e6aa453dcc8f9888e7ee368b374d9e2b21917c5' >>> - Certificate[1] info: >>> - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU= >>> http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certifica >>> te Authority - G2', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, >>> Inc.,CN=Go Daddy Root Certificate Authority - G2', RSA key >>> 2048 bits, signed using RSA-SHA256, activated `2011-05-03 07:00:00 >>> UTC', expires `2031-05-03 07:00:00 UTC', SHA-1 fingerprint `27a >>> c9369faf25207bb2627cefaccbe4ef9c319b8' >>> - Certificate[2] info: >>> - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,CN=Go >>> Daddy Root Certificate Authority - G2', issuer `C=US,O=The Go >>> Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key >>> 2048 bits, signed using RSA-SHA256, activated `2014-01-01 >>> 07:00:00 UTC', expires `2031-05-30 07:00:00 UTC', SHA-1 fingerprint >>> `340b2880f446fcc04e59ed33f52b3d08d6242964' >>> - The hostname in the certificate matches 'launchpad.net'. >>> - Peer's certificate is trusted >>> [...] >>> >>> What else can I do to debug this problem? >>> >>> Regards, >>> Joost >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Ansible Project" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ansible-project/lmAp8ui0JEc/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAMFyvFhNi5kM8ht-ZdRZLcDUO0jZzL%3Dm25y7P-pBvpgAg4SDMg%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CAMFyvFhNi5kM8ht-ZdRZLcDUO0jZzL%3Dm25y7P-pBvpgAg4SDMg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAEQrH%2BeCL_Q7cu52GzP2CAfuEg1JOZwpCwcgXeJVS2Jj4Xvdgg%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CAEQrH%2BeCL_Q7cu52GzP2CAfuEg1JOZwpCwcgXeJVS2Jj4Xvdgg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMFyvFgyzXmQOeWMDhQXRT0XSu7pZ-%2BQTObdtizgNOFAokQCQg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
