> > The easy solution may just be updating your cacert bundle by updating the > ca-certificates package and then trying again. >
Adding - name: Update ca-certificates apt: name: ca-certificates state: latest before installing apt key didn't help. > My initial look indicates that the server is not using SNI, it has a > wildcard cert, provided by Amazon. > Following this answer on serverfault.com: http://serverfault.com/a/780388/162443 I get: $ dig +noall +answer deb.nodesource.com deb.nodesource.com. 300 IN CNAME d2buw04m05mirl.cloudfront.net. d2buw04m05mirl.cloudfront.net. 60 IN A 54.230.230.81 ... $ openssl s_client -servername deb.nodesource.com -tlsextdebug -connect d2buw04m05mirl.cloudfront.net:443 2>/dev/null | grep "server name" TLS server extension "server name" (id=0), len=0 Which most likely means, that the server uses SNI. Here's what I came up with: - hosts: all tasks: - name: Install apt_key dependencies apt: name: '{{ item }}' with_items: [python-urllib3, python-openssl, python-pyasn1, python-pip] when: ansible_distribution == 'Ubuntu' or ansible_distribution_release == 'trusty' - name: Install apt_key dependencies command: pip install ndg-httpsclient when: ansible_distribution == 'Ubuntu' or ansible_distribution_release == 'trusty' After this apt key gets installed. Regards, Yuri -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f4bbc884-5c3d-4ef2-9d85-13e1db01c5e0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.