Failed to validate the SSL certificate for archive.apache.org:443
414 views
Skip to first unread message
Pedro Ferro
Mar 6, 2017, 1:00:56 PM3/6/17
to Ansible Project
Hi,
Have this yml file
---
- hosts: localhost
sudo: yes
tasks:
- name: download solr-5.1.0.tgz
get_url:
url: https://archive.apache.org/dist/lucene/solr/5.1.0/solr-5.1.0.tgz
dest: /tmp/solr-5.1.0.tgzAnd got this error:
TASK [download solr-5.1.0.tgz] *************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to validate the SSL certificate for archive.apache.org:443. Make sure your managed systems have a valid CA certificate installed. If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine or you can install the `urllib3`, `pyopenssl`, `ndg-httpsclient`, and `pyasn1` python modules to perform SNI verification in python >= 2.6. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible"}
Python 2.7.6
Ansible 2
Working beyond a proxy (I can access the site archive.apache.org...)
If I make from terminal "wget https://archive.apache.org/dist/lucene/solr/5.1.0/solr-5.1.0.tgz " works.
What is strange is that on friday this thing was working in the same machine without any problems.
I'm not an IT guy so probably I'm making some basic errors.
Thanks in advance,
Pedro
Pedro
Dick Davies
Mar 6, 2017, 2:33:43 PM3/6/17
to ansible list
Your python is a bit old, so it doesn't support SNI.
To be fair the error message is pretty helpful.
I'm starting to see this more and more as some bigger providers start to cut
over to SNI.
I just use a command: to fire off curl, that works fine (I don't fancy upgrading
all my servers python versions just yet).
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a1a84f45-a3df-4e39-90eb-03a744c695cd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
To be fair the error message is pretty helpful.
I'm starting to see this more and more as some bigger providers start to cut
over to SNI.
I just use a command: to fire off curl, that works fine (I don't fancy upgrading
all my servers python versions just yet).
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/a1a84f45-a3df-4e39-90eb-03a744c695cd%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Pedro Ferro
Mar 7, 2017, 4:21:42 AM3/7/17
to Ansible Project, di...@hellooperator.net
Thanks for the help.
I just use a command: to fire off curl, that works fine
Like I said my field is not IT related, so if you could give me an exemple how to do that I appreciate.
Pedro
Dick Davies
Mar 7, 2017, 11:12:30 AM3/7/17
to Pedro Ferro, Ansible Project
Sure, see the second task here:
https://github.com/rasputnik/ansible-jira/blob/master/roles/jira/tasks/main.yml
https://github.com/rasputnik/ansible-jira/blob/master/roles/jira/tasks/main.yml
Mischa ter Smitten
Mar 8, 2017, 3:46:22 AM3/8/17
to Ansible Project, pedro...@gmail.com, di...@hellooperator.net
Python 2.7.10 is the first version to have decent SNI support
Reply all
Reply to author
Forward
0 new messages