Roots Discourse

SSL certificate failed verification

OS: ubuntu 20.04

Hello, when i make a “vagrant up” i have an ssl certificate error:

[WARNING]: - composer was NOT installed successfully: Unknown error when
attempting to call Galaxy at 'https://galaxy.ansible.com/api/': <urlopen error
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local
issuer certificate (_ssl.c:1123)>

I don’t understand because i have the same configuration in several projects but one is working and i cant seem to find the problem because they have the same configuration files.

What am i doing wrong ?
Thanks for your help

This appears to be a client-side issue.
Are you using a recent enough python, ansible and is your CA certificates store up to date?
When you request https://galaxy.ansible.com/api/ in your browser on that same workstation where this issue occured, does it work or is a HTTPS error displayed?
The same when requesting in the same terminal as the failed vagrant command (curl https://galaxy.ansible.com/api/ and wget https://galaxy.ansible.com/api/)?

Hello starsis, thank you for your answer.
I think it is a certificate problem because whan i make the wget request, here is the response:

ERROR: cannot verify galaxy.ansible.com's certificate, issued by ‘CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US’:

Unable to locally verify the issuer's authority.

In fact i don’t really know how to update the certificate, do you have some ressources so that i can update it?

Thanks in advance

Yes, it appears that the trusted CA root certificates on that system (that makes the requests!) may be outdated, hence the Cloudflare CA is not accepted. You must update the root CA store on that system.

Hey, thank youy for your time,

I cant seem to find a way to correct this error. I used certifi with pip3 to generate the certificates but i still have the same error. Do you have some resources to share with me so i can access my boxes please?

pip seems to have its own certificate updater:

This topic was automatically closed after 42 days. New replies are no longer allowed.