Failed to validate the SSL certificate for galaxy.ansible.com:443


Bug Report

SUMMARY

ansible-galaxy cannot download roles from galaxy.ansible.com because of an SSL error. Other domains - such as github.com - work fine using the same environment & version of ansible.

We did not have any issue last week with the exact same setup.

We reproduced this on multiple Ubuntu / Windows / Docker machines with different connections.

$ ansible --version
ansible 2.6.0
  config file = None
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/dist-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC 4.8.4]

STEPS TO REPRODUCE

In requirements.yml:

---

- src: Stouts.mongodb
  version: 2.2.7

In a shell running in the same directory as requirements.yml:

docker run --rm -it -v `pwd`:/data ansible/ansible:ubuntu1404 bash
# the following commands now run in the newly created Docker container
cd /data
pip install ansible
ansible-galaxy install --role-file=/data/requirements.yml

EXPECTED RESULTS

The role Stouts.mongodb is installed.

ACTUAL RESULTS

[WARNING]: - Stouts.mongodb was NOT installed successfully: Failed to get data
from the API server (https://galaxy.ansible.com/api/): Failed to validate the
SSL certificate for galaxy.ansible.com:443. Make sure your managed systems have
a valid CA certificate installed. If the website serving the url uses SNI you
need python >= 2.7.9 on your managed machine  (the python executable used
(/usr/bin/python) is version: 2.7.6 (default, Nov 23 2017, 15:49:48) [GCC
4.8.4]) or you can install the `urllib3`, `pyOpenSSL`, `ndg-httpsclient`, and
`pyasn1` python modules to perform SNI verification in python >= 2.6. You can
use validate_certs=False if you do not need to confirm the servers identity but
this is unsafe and not recommended. Paths checked for this platform:
/etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share
/ca-certificates/cacert.org, /etc/ansible. The exception msg was: hostname
u'galaxy.ansible.com' doesn't match either of
'*.c1e4.galaxy.openshiftapps.com', 'c1e4.galaxy.openshiftapps.com'.

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Issue Analytics

  • State: closed
  • Created: 5 years ago
  • Reactions: 12
  • Comments: 13 (6 by maintainers)
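
An added diagnostic sketch, not code from the issue or from Ansible: it applies RFC 6125-style name matching to the two certificate names quoted in the error above and separates a missing-SNI symptom from a real certificate mismatch. It assumes the cause is the SNI limitation that the error message itself points to; `classify`, `presented_names` and the result labels are hypothetical names, and the script needs Python 3.

```python
import socket
import ssl

# Names quoted in the error message on this page (the certificate the client was shown).
NAMES_FROM_ERROR = ["*.c1e4.galaxy.openshiftapps.com", "c1e4.galaxy.openshiftapps.com"]


def dns_name_matches(pattern, hostname):
    """RFC 6125-style match: '*' only as the whole left-most label, covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def classify(hostname, presented, client_sent_sni):
    """Return 'ok', 'likely-sni' or 'mismatch' for a hostname and a certificate's DNS names."""
    if any(dns_name_matches(name, hostname) for name in presented):
        return "ok"
    # Without SNI a name-based virtual host can only return its default certificate,
    # so the remedy is a client that sends SNI, not switching verification off.
    return "mismatch" if client_sent_sni else "likely-sni"


def presented_names(host, port=443, send_sni=True, timeout=5):
    """Live probe (needs network): DNS names in the certificate served with or without SNI."""
    ctx = ssl.create_default_context()  # chain is still verified against the system CAs
    ctx.check_hostname = False          # the name comparison is left to classify()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host if send_sni else None) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # ssl.HAS_SNI is False or absent on interpreters built without SNI support.
    print("interpreter supports SNI:", getattr(ssl, "HAS_SNI", False))
    print(classify("galaxy.ansible.com", NAMES_FROM_ERROR, client_sent_sni=False))
```

Comparing `presented_names(host, send_sni=True)` with `presented_names(host, send_sni=False)` on an affected network shows whether the server only returns the expected certificate when the client names the host.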

Top GitHub Comments

chouseknecht commented, Jul 2, 2018 (15 reactions)

Seems to be working OK for me:

ansible-galaxy 2.7.0.dev0 (devel fb0b804988) last updated 2018/06/28 14:19:16 (GMT -400)
  config file = /Users/chouseknecht/ansible.cfg
  configured module search path = [u'/Users/chouseknecht/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/chouseknecht/projects/ansible/lib/ansible
  executable location = /Users/chouseknecht/projects/ansible/bin/ansible-galaxy
  python version = 2.7.14 (default, Nov 14 2017, 23:24:24) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.38)]
Using /Users/chouseknecht/ansible.cfg as config file
Opened /Users/chouseknecht/.ansible_galaxy
Processing role geerlingguy.apache
Opened /Users/chouseknecht/.ansible_galaxy
Initial connection to galaxy_server: https://galaxy.ansible.com
Base API: https://galaxy.ansible.com/api/v1
- downloading role 'apache', owned by geerlingguy
https://galaxy.ansible.com/api/v1/roles/?owner__username=geerlingguy&name=apache
https://galaxy.ansible.com/api/v1/roles/428/versions/?page_size=50
- downloading role from https://github.com/geerlingguy/ansible-role-apache/archive/3.0.0.tar.gz
- extracting geerlingguy.apache to /Users/chouseknecht/roles/geerlingguy.apache
- geerlingguy.apache (3.0.0) was installed successfully

lobsterdore commented, Jul 2, 2018 (12 reactions)

Started happening to me as well today, I had to add the -c flag to ignore cert warnings.
