I created an issue: https://github.com/ansible/ansible/issues/7218
If there is anything else I can do to track down the bug, please let me know. Regards, Joost 2014-04-29 21:36 GMT+02:00 James Cammarata <[email protected]>: > Sorry for missing that. Could you please open an issue for this on github so > we can keep track of it? > > Thanks! > > > On Tue, Apr 29, 2014 at 12:08 AM, Joost Cassee <[email protected]> wrote: >> >> Hi James, >> >> Thanks for the ideas. As I mentioned, I am using the latest commit from >> devel, and have all the certificates. In fact, I showed that if I take the >> temporary file with CA certificates that Ansible creates and use it with >> gnutls-cli then the launchpad.net certificate validates. >> >> Regards, >> Joost >> >> Op 29 apr. 2014 02:58 schreef "James Cammarata" <[email protected]>: >>> >>> What version of Ansible are you running? There were some changes in >>> 1.5.3+ to address certificate validation issues on Ubuntu systems. Also >>> please make sure that you have the correct CA package installed >>> (ca-certificates) and that the /etc/ssl/certs/ directory is present and >>> contains certificates. >>> >>> >>> On Mon, Apr 28, 2014 at 5:48 PM, Joost Cassee <[email protected]> wrote: >>>> >>>> Hi, >>>> >>>> I am using the latest commit from the devel branch, and I am having >>>> difficulty adding an Apt repository. The system I am running Ansible on is >>>> Ubuntu 12.04, the provisioned host is running 14.04. I am using this task: >>>> >>>> - apt_repository: repo='ppa:webupd8team/java' >>>> >>>> The error is: >>>> msg: Failed to validate the SSL certificate for launchpad.net:443. Use >>>> validate_certs=no or make sure your managed systems have a valid CA >>>> certificate installed. Paths checked for this platform: /etc/ssl/certs, >>>> /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, >>>> /usr/share/ca-certificates/cacert.org, /etc/ansible >>>> >>>> I tried extracting the CA certificate file that urls.py builds and pass >>>> it to gnutls-cli to check whether the CA certificate is indeed missing: >>>> >>>> $ gnutls-cli --x509cafile certstmp.pem launchpad.net >>>> Processed 332 CA certificate(s). >>>> [...] >>>> - Certificate[0] info: >>>> - subject `OU=Domain Control Validated,CN=launchpad.net', issuer >>>> `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,OU=http://cer >>>> ts.godaddy.com/repository/,CN=Go Daddy Secure Certificate Authority - >>>> G2', RSA key 2048 bits, signed using RSA-SHA256, activated `2 >>>> 014-04-08 05:33:03 UTC', expires `2014-07-25 18:24:13 UTC', SHA-1 >>>> fingerprint `3e6aa453dcc8f9888e7ee368b374d9e2b21917c5' >>>> - Certificate[1] info: >>>> - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, >>>> Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure Certifica >>>> te Authority - G2', issuer `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, >>>> Inc.,CN=Go Daddy Root Certificate Authority - G2', RSA key >>>> 2048 bits, signed using RSA-SHA256, activated `2011-05-03 07:00:00 >>>> UTC', expires `2031-05-03 07:00:00 UTC', SHA-1 fingerprint `27a >>>> c9369faf25207bb2627cefaccbe4ef9c319b8' >>>> - Certificate[2] info: >>>> - subject `C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\, Inc.,CN=Go >>>> Daddy Root Certificate Authority - G2', issuer `C=US,O=The Go >>>> Daddy Group\, Inc.,OU=Go Daddy Class 2 Certification Authority', RSA key >>>> 2048 bits, signed using RSA-SHA256, activated `2014-01-01 >>>> 07:00:00 UTC', expires `2031-05-30 07:00:00 UTC', SHA-1 fingerprint >>>> `340b2880f446fcc04e59ed33f52b3d08d6242964' >>>> - The hostname in the certificate matches 'launchpad.net'. >>>> - Peer's certificate is trusted >>>> [...] >>>> >>>> What else can I do to debug this problem? >>>> >>>> Regards, >>>> Joost >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/d8b09d64-5032-48ac-a019-0b2149e43c12%40googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Ansible Project" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/ansible-project/lmAp8ui0JEc/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAMFyvFhNi5kM8ht-ZdRZLcDUO0jZzL%3Dm25y7P-pBvpgAg4SDMg%40mail.gmail.com. >>> >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAEQrH%2BeCL_Q7cu52GzP2CAfuEg1JOZwpCwcgXeJVS2Jj4Xvdgg%40mail.gmail.com. >> >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/lmAp8ui0JEc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAMFyvFgyzXmQOeWMDhQXRT0XSu7pZ-%2BQTObdtizgNOFAokQCQg%40mail.gmail.com. > > For more options, visit https://groups.google.com/d/optout. -- Joost Cassee http://joost.cassee.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEQrH%2BfR%2B4XHupRNGN8XNQULGFGpNE3n%2Bqvmy50FVQ6M1CPTuw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
