Thanks for pointing this out, I've raised an internal ticket with the operations team and will update this thread when I hear back.
--eric0 On Monday, March 24, 2014 7:10:09 AM UTC-7, Christopher Orr wrote: > > Hi all, > > I just noticed that some of my servers are having trouble while running > `apt-get update`, apparently due to TLS issues with apt.puppetlabs.com. > > `apt-get update` returns: > W: Failed to fetch > https://apt.puppetlabs.com/dists/lucid/main/source/Sources.gz server > certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt > CRLfile: none > > However, I can access https://apt.puppetlabs.com fine via curl or Chrome, > and the relevant root certificate is indeed in > /etc/ssl/certs/ca-certificates.crt. > But on closer inspection, it seems that the certificate chain returned > when connecting to apt.puppetlabs.com contains two copies of the *. > puppetlabs.com certificate as the first two links in the chain. > > I imagine it's possible that certain clients reject this as invalid. > Has anybody else noticed this behaviour? > > In the meantime, I see that newer "puppetlabs-release-*.deb" packages use > http://apt.puppetlabs.com (i.e. no https://), so I guess I have some > apt-sources updating to do... > > Regards, > Chris > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bf68deed-8318-4d1a-b720-ad1003993432%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
