apt weak_ssl paramerer --- workaround for apt key error: "certificate verify failed (unable to get local issuer certificate)"? #52

mc-hack · 2022-06-07T16:10:00Z

Affected Puppet, Ruby, OS and module versions/distributions

Puppet: 6
Ruby: -
Distribution: Debian 11.3 (Bullseye)
Module version: v8.0.0

How to reproduce (e.g Puppet code you use)

using elastic_stack to manage repo at fresh debian bullseye installation:

	class { 'elastic_stack::repo':
  		version => 7,
	}

What are you seeing

Error: certificate verify failed (unable to get local issuer certificate)

What behaviour did you expect instead

like to have "weak_ssl" option for apt::source module as workaround:

Boolean           $apt_weak_ssl  = false,

.. and then:

  case $facts['os']['family'] {
    'Debian': {
      include apt

      apt::source { 'elastic':
        ensure   => 'present',
        comment  => $description,
        location => $base_url,
        release  => 'stable',
        repos    => 'main',
        key      => {
          'id'     => $key_id,
          'source'  => $key_source,
          'weak_ssl'  => $apt_weak_ssl,
        },
        include  => {
          'deb' => true,
          'src' => false,
        },
        pin      => $priority,
      }
    }

Output log

Error: Could not set 'present' on ensure: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (file: /etc/puppetlabs/code/environments/production/modules/apt/manifests/key.pp, line: 55)
Error: Could not set 'present' on ensure: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (file: /etc/puppetlabs/code/environments/production/modules/apt/manifests/key.pp, line: 55)
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Error: /Stage[first]/Elastic_stack::Repo/Apt::Source[elastic]/Apt::Key[Add key: 46095ACC8548582C1A2699A9D27D666CD88E42B4 from Apt::Source elastic]/Apt_key[Add key: 46095ACC8548582C1A2699A9D27D666CD88E42B4 from Apt::Source elastic]/ensure: change from 'absent' to 'present' failed: Could not set 'present' on ensure: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (file: /etc/puppetlabs/code/environments/production/modules/apt/manifests/key.pp, line: 55)

Any additional information you'd like to impart

The text was updated successfully, but these errors were encountered:

phaedriel mentioned this issue Jan 1, 2023

add a key_weak_ssl parameter #61

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

apt weak_ssl paramerer --- workaround for apt key error: "certificate verify failed (unable to get local issuer certificate)"? #52

apt weak_ssl paramerer --- workaround for apt key error: "certificate verify failed (unable to get local issuer certificate)"? #52

mc-hack commented Jun 7, 2022 •

edited

Loading

apt weak_ssl paramerer --- workaround for apt key error: "certificate verify failed (unable to get local issuer certificate)"? #52

apt weak_ssl paramerer --- workaround for apt key error: "certificate verify failed (unable to get local issuer certificate)"? #52

Comments

mc-hack commented Jun 7, 2022 • edited Loading

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

What are you seeing

What behaviour did you expect instead

Output log

Any additional information you'd like to impart

mc-hack commented Jun 7, 2022 •

edited

Loading