Could not connect via HTTPS to https://forge.puppetlabs.com

asked 2013-01-11 17:17:33 -0500

theillien
116 ●8 ●11 ●22

I get the error in the title when attempting to install a module (saz/sudo) from the Forge.

I'm running puppet module install saz/sudo

The full error is:

Error: Could not connect via HTTPS to https://forge.puppetlabs.com
  Unable to verify the SSL certificate
    The certificate may not be signed by a valid CA
    The CA bundle included with OpenSSL may not be valid or up to date

I suspect it just be an issue with the site certificate. When I go to https://forge.puppetlabs.com in my browser I get the warning about an untrusted ... (more)

edit retag flag offensive close merge delete

Comments

i am having a similar issue but with RHEL 6.5 trying to connect to the module repository at forgeapi.puppetlabs.com. I am running puppet 3.6.2. Has nay one ever had this issue before and solved ? [root@hx689 yum.repos.d]# puppet module search ntp Notice: Searching https://forgeapi.puppetlabs.com ... Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date Error: Try 'puppet help module search' for usage

triceras ( 2014-07-01 22:24:39 -0500 )edit

add a comment

6

answered 2013-01-11 18:07:07 -0500

Adrien Thebo
206 ●2 ●4 ●5

updated 2013-03-19 20:24:15 -0500

If you're seeing this error this probably means that your system CA certificate bundle is missing or out of date. The forge.puppetlabs.com certificate is signed by the GeoTrust CA, so that CA certificate has to be part of the system certificate bundle (/etc/ssl/certs on Debian based distributions, /etc/pki/tls/certs on Redhat based distributions).

If you're seeing this error, the first thing you should probably do is update your system certificate bundle.

Debian

Debian based distributions have an independent package that installs the default CA certificate bundle, called 'ca-certificates'. Running apt-get update; apt-get ... (more)

edit flag offensive delete link

Comments

I looked at this earlier, and for me at least, it had been resolved.

llowder ( 2013-01-11 20:10:51 -0500 )edit

I haven't checked yet. I simply created my own sudo module that is actually simpler than the saz/sudo module and servers my purposes. It eliminated any current need ...(more)

theillien ( 2013-01-14 18:23:47 -0500 )edit

I'm on SLES 11, which I cannot easy update. But I see following GeoTrust CA certificates, but cannot install modules too: GeoTrust_Global_CA.pem GeoTrust_Primary_Certification_Authority.pem GeoTrust_Primary_Certification_Authority_G3.pem GeoTrust_Universal_CA_2.pem GeoTrust_Global_CA_2.pem GeoTrust_Primary_Certification_Authority_G2.pem GeoTrust_Universal_CA.pem Do I miss something?

Torsten Kleiber ( 2014-06-23 04:30:40 -0500 )edit

add a comment

1

answered 2013-01-12 10:14:20 -0500

fghaas
41 ●1 ●2 ●4

I'm having the same issue. Looks to me like the Forge's SSL cert chain doesn't properly verify.

edit flag offensive delete link

add a comment

1

answered 2013-01-15 03:10:33 -0500

vlc
11 ●2

updated 2013-01-15 22:40:47 -0500

I have this problem too (FreeBSD 9.0):

# puppet module install puppetlabs-nginx
Preparing to install into /usr/local/etc/puppet/modules ...
Downloading from https://forge.puppetlabs.com ...
Error: Could not connect via HTTPS to https://forge.puppetlabs.com
  Unable to verify the SSL certificate
    The certificate may not be signed by a valid CA
    The CA bundle included with OpenSSL may not be valid or up to date

In browser there is no problem.

PS: The problem is gone after update the port "ca_root_nss"

edit flag offensive delete link

Comments

I still have a problem even after update ca_root_nss

korjavin ( 2014-04-06 15:39:12 -0500 )edit

add a comment

0

answered 2017-03-24 09:00:58 -0500

d.akary
1

on windows server disable internet enhanced security

edit flag offensive delete link

add a comment

0

answered 2013-11-01 09:21:05 -0500

TomD

flag of United Kingdom of Great Britain and Northern Ireland

1

updated 2013-11-01 09:44:56 -0500

I encountered this problem on Windows and discovered that I needed the proxy setting in both Internet Options and puppet.conf for it to be able to successfully connect to the Forge.

edit flag offensive delete link

Comments

do you have that puppet.conf setting handy?

louis ( 2014-05-26 14:11:28 -0500 )edit

add a comment

0

answered 2015-08-31 10:28:15 -0500

slavka1978
1

Hey guys for those of you having the issue for Red Hat the following worked for me

First check to ensure your not behind a firewall try the following:

lynx google.com (and verify that you can browse the web)

then try the following:

cd /etc/pki/tls/certs curl -k -L -O https://raw.githubusercontent.com/bag...

edit flag offensive delete link

add a comment

0

answered 2013-04-23 14:53:47 -0500

jkyle
1

Just noting the above work around no longer works on OS X 10.8.3 and the most recent rvm.

edit flag offensive delete link

Comments

Are you using homebrew too per chance? Rvm no longer uses 'pkg', see rvm autolibs status. I am using homebrew, and found this worked a treat: brew install curl-ca-bundle && export SSL_CERT_FILE=/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

phips ( 2013-06-23 06:05:36 -0500 )edit

add a comment