Problem:
After Foreman/Katello server rebuild, when I try to access RedHat repositories on a registered RedHat server, I get the following results.
[root@xxxxxxxxxxx]# dnf check-update
Updating Subscription Management repositories.
katello_client_el8_x86_64 2.0 55 kB/s | 3.7 kB 00:00
ms_rhel8_x64 56 kB/s | 3.5 kB 00:00
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 571 B/s | 69 B 00:00
Errors during downloading metadata for repository 'rhel-8-for-x86_64-baseos-rpms':
- Status code: 403 for https://foreman.jkhy.com/pulp/repos/Jack_Henry/Development/Redhat_8_content/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml (IP: xxx.xxx.xxx.xxx)
Error: Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Access to repositories for non-RedHat content do not have this issue.
Expected outcome:
Repository content should be accessed and updates reported.
Foreman and Proxy versions:
Foreman 2.3.1
Katello 3.18.0
Foreman and Proxy plugin versions:
foreman-tasks 3.0.2
foreman_remote_execution 4.2.1
katello 3.18.0
Distribution and version:
Foreman server: CentOS 7.9.2009
RedHat client server: Red Hat Enterprise Linux release 8.2 (Ootpa)
Other relevant data:
Server was installed with private certificate and CA for https access.
Logs from Foreman server
/var/log/httpd/foreman-ssl_error_ssl.log
[Thu Jan 07 12:17:19.750475 2021] [ssl:error] [pid 1824] [client xxx.xxx.xxx.216:58636] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
[Thu Jan 07 12:17:20.165632 2021] [ssl:error] [pid 22674] [client xxx.xxx.xxx.216:58638] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:20.211146 2021] [ssl:error] [pid 22673] [client xxx.xxx.xxx.216:58640] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:20.258924 2021] [ssl:error] [pid 22671] [client xxx.xxx.xxx.216:58642] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:20.336269 2021] [ssl:error] [pid 22668] [client xxx.xxx.xxx.216:58644] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:21.258367 2021] [ssl:error] [pid 22672] [client xxx.xxx.xxx.216:58646] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
[Thu Jan 07 12:17:21.628316 2021] [ssl:error] [pid 22670] [client xxx.xxx.xxx.216:58648] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:21.663871 2021] [ssl:error] [pid 22669] [client xxx.xxx.xxx.216:58650] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:21.700131 2021] [ssl:error] [pid 1801] [client xxx.xxx.xxx.216:58652] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:21.734850 2021] [ssl:error] [pid 1823] [client xxx.xxx.xxx.216:58654] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:22.555812 2021] [ssl:error] [pid 1824] [client xxx.xxx.xxx.216:58656] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
[Thu Jan 07 12:17:22.930034 2021] [ssl:error] [pid 22674] [client xxx.xxx.xxx.216:58658] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:22.971969 2021] [ssl:error] [pid 22673] [client xxx.xxx.xxx.216:58660] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:23.008883 2021] [ssl:error] [pid 22671] [client xxx.xxx.xxx.216:58662] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:23.106691 2021] [ssl:error] [pid 22668] [client xxx.xxx.xxx.216:58664] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:23.933938 2021] [ssl:error] [pid 22672] [client xxx.xxx.xxx.216:58666] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
[Thu Jan 07 12:17:24.312675 2021] [ssl:error] [pid 22670] [client xxx.xxx.xxx.216:58668] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:24.359870 2021] [ssl:error] [pid 22669] [client xxx.xxx.xxx.216:58670] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:24.409622 2021] [ssl:error] [pid 1801] [client xxx.xxx.xxx.216:58672] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:24.445208 2021] [ssl:error] [pid 1823] [client xxx.xxx.xxx.216:58674] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:24.775625 2021] [ssl:error] [pid 1824] [client xxx.xxx.xxx.100:58878] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
[Thu Jan 07 12:17:25.029376 2021] [ssl:error] [pid 22674] [client xxx.xxx.xxx.100:58880] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.082338 2021] [ssl:error] [pid 22673] [client xxx.xxx.xxx.100:58882] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.134401 2021] [ssl:error] [pid 22671] [client xxx.xxx.xxx.100:58884] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.187852 2021] [ssl:error] [pid 22668] [client xxx.xxx.xxx.100:58886] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.241968 2021] [ssl:error] [pid 22672] [client xxx.xxx.xxx.100:58888] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.244617 2021] [ssl:error] [pid 22670] [client xxx.xxx.xxx.216:58676] AH02039: Certificate Verification: Error (19): self signed certificate in certificate chain
[Thu Jan 07 12:17:25.608008 2021] [ssl:error] [pid 22669] [client xxx.xxx.xxx.216:58678] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.648516 2021] [ssl:error] [pid 1801] [client xxx.xxx.xxx.216:58680] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.684085 2021] [ssl:error] [pid 1823] [client xxx.xxx.xxx.216:58682] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate
[Thu Jan 07 12:17:25.723419 2021] [ssl:error] [pid 1824] [client xxx.xxx.xxx.216:58684] AH02039: Certificate Verification: Error (20): unable to get local issuer certificate