Thanks for pointing this out, I've raised an internal ticket with the operations team and will update this thread when I hear back.
--eric0 On Monday, March 24, 2014 7:10:09 AM UTC-7, Christopher Orr wrote: > > Hi all, > > I just noticed that some of my servers are having trouble while running > `apt-get update`, apparently due to TLS issues with apt.puppetlabs.com. > > `apt-get update` returns: > W: Failed to fetch > https://apt.puppetlabs.com/dists/lucid/main/source/Sources.gz server > certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt > CRLfile: none > > However, I can access https://apt.puppetlabs.com fine via curl or Chrome, > and the relevant root certificate is indeed in > /etc/ssl/certs/ca-certificates.crt. > But on closer inspection, it seems that the certificate chain returned > when connecting to apt.puppetlabs.com contains two copies of the *. > puppetlabs.com certificate as the first two links in the chain. > > I imagine it's possible that certain clients reject this as invalid. > Has anybody else noticed this behaviour? > > In the meantime, I see that newer "puppetlabs-release-*.deb" packages use > http://apt.puppetlabs.com (i.e. no https://), so I guess I have some > apt-sources updating to do... > > Regards, > Chris > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/bf68deed-8318-4d1a-b720-ad1003993432%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
