Chef apt_repository started failing with SSL verification errors


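Problem description

For the past two days, we have been seeing chef execution failures related to the apt_repository resource. Similar failures are also occurring during chef-client execution.

chef-solo version: 12.19.36
OS: Ubuntu v18 & Ubuntu v14

See the chef-solo execution error below.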

==> core: [2021-10-04T14:36:46+00:00] ERROR: SSL Validation failure connecting to host: www.postgresql.org - SSL_connect returned=1 errno=0 state=error: certificate verify failed
==> core:
==> core:
==> core: ================================================================================
==> core: Error executing action create on resource 'remote_file[/var/chef/cache/https___www_postgresql_org_media_keys_ACCC4CF8_asc]'
==> core: ================================================================================
==> core:
==> core: OpenSSL::SSL::SSLError
==> core: ----------------------
==> core: SSL Error connecting to https://www.postgresql.org/media/keys/ACCC4CF8.asc - SSL_connect returned=1 errno=0 state=error: certificate verify failed
==> core:
==> core:
==> core: Resource Declaration:
==> core: ---------------------
==> core: # In /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36/lib/chef/provider/apt_repository.rb
==> core:
==> core: 166: declare_resource(type, cached_keyfile) do
==> core: 167: source new_resource.key
==> core: 168: mode "0644"
==> core: 169: sensitive new_resource.sensitive
==> core: 170: action :create
==> core: 171: end
==> core: 172:
==> core:
==> core: Compiled Resource:
==> core:
==> core: ------------------
==> core: # Declared in /opt/chef/embedded/lib/ruby/gems/2.3.0/gems/chef-12.19.36/lib/chef/provider/apt_repository.rb:166:in `install_key_from_uri'
==> core:

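Recommended answer

This is related to the Let's Encrypt Root CA Certificate Expiration last Thursday.

For OpenSSL, I believe you need to upgrade to at least 1.1, because 1.0.1 has a bug in the way it handles certificate chains. If that is not possible, you will need to remove the DST Root CA X3 certificate from the operating system.

Chef also ships its own root certificates, which it uses instead of the operating system's. I had to remove the above certificate from /opt/chef/embedded/ssl/certs/cacert.pem and add ISRG Root X1 to it.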
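The bundle check described in the answer, as an added Ruby example that is not part of the original answer or Chef's own code: it parses a CA bundle in the format of /opt/chef/embedded/ssl/certs/cacert.pem, reports whether DST Root CA X3 and ISRG Root X1 are present and which entries have expired, and drops a root by CN. The helper names, the self-signed stand-in certificates and their validity dates are constructed for the example.

```ruby
require "openssl"

PEM_CERT = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Parse every certificate in a PEM bundle such as Chef's embedded cacert.pem.
def bundle_certs(pem_text)
  pem_text.scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

def common_name(cert)
  cn = cert.subject.to_a.find { |name, _value, _type| name == "CN" }
  cn && cn[1]
end

# Report what the answer checks by hand: is the old root still present,
# is the new root trusted, and which entries have expired.
def audit_bundle(pem_text, now = Time.now)
  certs = bundle_certs(pem_text)
  names = certs.map { |c| common_name(c) }
  { has_dst_x3: names.include?("DST Root CA X3"),
    has_isrg_x1: names.include?("ISRG Root X1"),
    expired: certs.select { |c| c.not_after < now }.map { |c| common_name(c) } }
end

# Return the bundle text without any certificate whose CN matches.
def drop_by_cn(pem_text, cn)
  bundle_certs(pem_text).reject { |c| common_name(c) == cn }.map(&:to_pem).join
end

# Constructed stand-in: a self-signed cert carrying only the CN (not the real root).
def sample_root(cn, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", cn]])
  cert.public_key = key.public_key
  cert.not_before = not_after - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

NOW = Time.utc(2021, 10, 4) # constructed "current" time, matching the log date
SAMPLE_BUNDLE = [sample_root("DST Root CA X3", Time.utc(2021, 9, 30)),
                 sample_root("ISRG Root X1", Time.utc(2035, 6, 4))].map(&:to_pem).join
p audit_bundle(SAMPLE_BUNDLE, NOW)
p audit_bundle(drop_by_cn(SAMPLE_BUNDLE, "DST Root CA X3"), NOW)
```

To audit a real node, pass the contents of the bundle file to `audit_bundle`; matching on CN alone is a convenience for triage, so compare fingerprints against the CA's published values before editing a trust store.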
