Problem:
I am attempting to migrate our old foreman/puppet setup to a new host, and the migrate was not working properly (having odd cert issues), so I was advised to try again from the beginning, and to start by running foreman-installer on the old server to identify any in-place issues, lo and behold, it seems to have found one - which appears to also be a cert issue - perhaps the very same one (the certs on the host are a bit of a mess)
Running foreman-installer --noop (or, any other arguments for that matter) gives me this error:
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.domain.com]: Could not evaluate: Exception SSL_connect returned=1 errno=0 state=error: certificate verify failed in get request to: https://foreman.domain.com/api/v2/smart_proxies?search=name="foreman.domain.com"
Expected outcome:
Run without errors.
Foreman and Proxy versions:
1.24.2
Foreman and Proxy plugin versions:
foreman-tasks 0.17.6
foreman_remote_execution 2.0.8
foreman_setup 6.0.0
Distribution and version:
Debian 9
Other relevant data:
The following may or may not be “normal”, but I tried accessing all the URLs contained in the error messages.
When attempting to curl: https://foreman.domain.com/api/v2/smart_proxies?search=name=“foreman.domain.com” from the foreman server, I get:
curl: (60) SSL certificate problem: unable to get local issuer certificate
When trying to curl https://foreman.domain.com:8443/ , I see:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
I have more detailed logs, but I strongly feel that I am having a problem with a single, invalid cert file somewhere, but I am a bit of a novice when it comes to any form of web service or SSL.
We have proper SSL certs for our domain, which work, but it seems they have been applied improperly in this case.
Can anyone give me some guidance as to what kind of certificate mistake could cause this kind of problem?