3

Could not connect via HTTPS to https://forge.puppetlabs.com

asked 2013-01-11 17:17:33 -0600

theillien

I get the error in the title when attempting to install a module (saz/sudo) from the Forge.

I'm running puppet module install saz/sudo

The full error is:

Error: Could not connect via HTTPS to https://forge.puppetlabs.com
  Unable to verify the SSL certificate
    The certificate may not be signed by a valid CA
    The CA bundle included with OpenSSL may not be valid or up to date

I suspect it's just an issue with the site certificate. When I go to https://forge.puppetlabs.com in my browser I get the warning about an untrusted ...


Comments

I am having a similar issue, but with RHEL 6.5 trying to connect to the module repository at forgeapi.puppetlabs.com. I am running Puppet 3.6.2. Has anyone ever had this issue before and solved it?

[root@hx689 yum.repos.d]# puppet module search ntp
Notice: Searching https://forgeapi.puppetlabs.com ...
Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com
  Unable to verify the SSL certificate
    The certificate may not be signed by a valid CA
    The CA bundle included with OpenSSL may not be valid or up to date
Error: Try 'puppet help module search' for usage

triceras ( 2014-07-01 22:24:39 -0600 )

7 Answers

6

answered 2013-01-11 18:07:07 -0600

Adrien Thebo

updated 2013-03-19 20:24:15 -0600

If you're seeing this error, this probably means that your system CA certificate bundle is missing or out of date. The forge.puppetlabs.com certificate is signed by the GeoTrust CA, so that CA certificate has to be part of the system certificate bundle (/etc/ssl/certs on Debian-based distributions, /etc/pki/tls/certs on Red Hat-based distributions).

If you're seeing this error, the first thing you should probably do is update your system certificate bundle.

Debian

Debian-based distributions have an independent package that installs the default CA certificate bundle, called 'ca-certificates'. Running apt-get update; apt-get ...


Comments

I looked at this earlier, and for me at least, it had been resolved.

llowder ( 2013-01-11 20:10:51 -0600 )

I haven't checked yet. I simply created my own sudo module that is actually simpler than the saz/sudo module and serves my purposes. It eliminated any current need ...

theillien ( 2013-01-14 18:23:47 -0600 )

I'm on SLES 11, which I cannot easily update. I see the following GeoTrust CA certificates, but cannot install modules either:

GeoTrust_Global_CA.pem
GeoTrust_Primary_Certification_Authority.pem
GeoTrust_Primary_Certification_Authority_G3.pem
GeoTrust_Universal_CA_2.pem
GeoTrust_Global_CA_2.pem
GeoTrust_Primary_Certification_Authority_G2.pem
GeoTrust_Universal_CA.pem

Am I missing something?

Torsten Kleiber ( 2014-06-23 04:30:40 -0600 )
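
Added example, not part of the original thread and not Puppet's own code: Puppet is a Ruby program, so the "Unable to verify the SSL certificate" error comes from Ruby's OpenSSL bindings failing to find the issuing root in their trust store. The sketch below shows where those bindings look for roots and how the same certificate passes or fails depending only on whether its root is loaded. The helper names (`make_cert`, `trust_locations`, `check_chain`) and the sample CA and host names are assumptions made for illustration.

```ruby
require 'openssl'

# Build a certificate. Everything generated here is constructed sample data,
# not the Forge's real chain.
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Where this Ruby's OpenSSL looks for roots. SSL_CERT_FILE / SSL_CERT_DIR
# override the compiled-in defaults.
def trust_locations
  { file: ENV['SSL_CERT_FILE'] || OpenSSL::X509::DEFAULT_CERT_FILE,
    dir: ENV['SSL_CERT_DIR'] || OpenSSL::X509::DEFAULT_CERT_DIR }
end

# Verify `leaf` against the given roots (plus the system bundle if asked).
# Returns [ok, reason] so the caller sees why verification failed.
def check_chain(leaf, trusted = [], use_system: false)
  store = OpenSSL::X509::Store.new
  store.set_default_paths if use_system
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(leaf)
  [ok, store.error_string]
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_CA = make_cert('Example Root CA', CA_KEY, ca: true)
SAMPLE_LEAF = make_cert('forge.example.test', OpenSSL::PKey::RSA.new(2048),
                        issuer_cert: SAMPLE_CA, issuer_key: CA_KEY)

if __FILE__ == $PROGRAM_NAME
  puts "bundle file: #{trust_locations[:file]}"
  puts "bundle dir:  #{trust_locations[:dir]}"
  puts "root missing: #{check_chain(SAMPLE_LEAF).inspect}"
  puts "root present: #{check_chain(SAMPLE_LEAF, [SAMPLE_CA]).inspect}"
  puts "system store: #{check_chain(SAMPLE_LEAF, [], use_system: true).inspect}"
end
```

Run it with the same Ruby interpreter that Puppet uses, since a different Ruby build may report different bundle locations.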
1

answered 2013-01-12 10:14:20 -0600

fghaas

I'm having the same issue. Looks to me like the Forge's SSL cert chain doesn't properly verify.

1

answered 2013-01-15 03:10:33 -0600

vlc

updated 2013-01-15 22:40:47 -0600

I have this problem too (FreeBSD 9.0):

# puppet module install puppetlabs-nginx
Preparing to install into /usr/local/etc/puppet/modules ...
Downloading from https://forge.puppetlabs.com ...
Error: Could not connect via HTTPS to https://forge.puppetlabs.com
  Unable to verify the SSL certificate
    The certificate may not be signed by a valid CA
    The CA bundle included with OpenSSL may not be valid or up to date

In the browser there is no problem.

PS: The problem is gone after updating the port "ca_root_nss".


Comments

I still have a problem even after updating ca_root_nss.

korjavin ( 2014-04-06 15:39:12 -0600 )
0

answered 2017-03-24 09:00:58 -0600

On Windows Server, disable Internet Enhanced Security.

0

answered 2013-11-01 09:21:05 -0600

TomD

updated 2013-11-01 09:44:56 -0600

I encountered this problem on Windows and discovered that I needed the proxy setting in both Internet Options and puppet.conf for it to be able to successfully connect to the Forge.


Comments

Do you have that puppet.conf setting handy?

louis ( 2014-05-26 14:11:28 -0600 )
0

answered 2015-08-31 10:28:15 -0600

Hey guys, for those of you having the issue on Red Hat, the following worked for me.

First, check to ensure you're not behind a firewall. Try the following:

lynx google.com (and verify that you can browse the web)

Then try the following:

cd /etc/pki/tls/certs
curl -k -L -O https://raw.githubusercontent.com/bag...

0

answered 2013-04-23 14:53:47 -0600

jkyle

Just noting the above workaround no longer works on OS X 10.8.3 and the most recent rvm.


Comments

Are you using homebrew too, perchance? Rvm no longer uses 'pkg', see rvm autolibs status. I am using homebrew, and found this worked a treat: brew install curl-ca-bundle && export SSL_CERT_FILE=/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

phips ( 2013-06-23 06:05:36 -0600 )


Stats

Asked: 2013-01-11 17:17:33 -0600

Seen: 8,377 times

Last updated: Nov 01 '13