Foreman cannot communicate with its proxy using a valid Let’s Encrypt certificate when the proxy is validated working with the certificate using the browser
Expected outcome:
Successful proxy communication.
Foreman and Proxy versions:
Foreman 1.21.0-RC4
Proxy latest version that comes with 1.21.0-RC4
I had a similar problem with an internal Microsoft PKI.
The certificate must be able to authenticate clients.
You can validate this with openssl x509 -text -noout -in mydomain.tld.crt; the section “X509v3 Extended Key Usage” lists “TLS Web Client Authentication, TLS Web Server Authentication”.
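The check described in the reply above, as an added example that is not part of the original thread: it reads the "X509v3 Extended Key Usage" section and also asks OpenSSL's own purpose check, which covers certificates that carry no EKU extension at all. The file names, the CN proxy.example.test and the two throwaway self-signed certificates are constructed for the demonstration; OpenSSL 1.1.1 or later is assumed for -addext.

```shell
#!/bin/sh
# Added example: can this certificate be presented as a TLS client certificate?

# Print the values listed under "X509v3 Extended Key Usage", or "(none)"
# when the extension is absent (an absent EKU does not restrict usage).
eku_of() {
    openssl x509 -noout -text -in "$1" |
        awk '/X509v3 Extended Key Usage/ { getline; sub(/^ +/, ""); print; found = 1 }
             END { if (!found) print "(none)" }'
}

# Succeed only if OpenSSL's purpose check accepts the certificate as a TLS client.
allows_client_auth() {
    openssl x509 -noout -purpose -in "$1" | grep -q '^SSL client : Yes'
}

# Constructed sample: throwaway self-signed certificate with the given EKU list.
make_sample() {  # usage: make_sample OUTFILE EKU_LIST
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=proxy.example.test" -addext "extendedKeyUsage=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# One summary line per certificate: its EKU values and the verdict.
report() {
    if allows_client_auth "$1"; then
        verdict="usable as client certificate"
    else
        verdict="NOT usable as client certificate"
    fi
    printf '%s: EKU=[%s] -> %s\n' "$1" "$(eku_of "$1")" "$verdict"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

make_sample "$tmp/server-only.crt" "serverAuth"
make_sample "$tmp/both.crt" "serverAuth,clientAuth"
report "$tmp/server-only.crt"
report "$tmp/both.crt"
```

To check a real certificate, call report with its path, for example the mydomain.tld.crt file from the command above.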
Good to know, true actually as well! The proxy only won’t accept it from Foreman, but Foreman accepts it from the proxy as far as I can see?
Maybe let puppetCA manage them anyway, but the AIO Puppet since Puppet 4 doesn’t add the puppet user/group anymore to relax the cert usage. I’ll try to find a solution for that!