Pulp fails to start after installing a custom certificate

I just installed a fresh Katello 4/Foreman 2.4 and after adding my company certificate and restarting Pulp will no longer start?

# pulp status
Error: HTTPSConnectionPool(host='localhost', port=443): Max retries exceeded with url: /pulp/api/v3/docs/api.json (Caused by SSLError(CertificateError("hostname 'localhost' doesn't match either of '*.services.com', 'services.com'",),))

Expected outcome:
Pulp starts.

Foreman and Proxy versions:
Foerman 2.4.0 and Katello 4.0

Foreman and Proxy plugin versions:
Openscap, Dynflow, Ansible, SSH, Pulpcore, TFTP, Puppet CA, Puppet, BMC, Logs, and Registration 2.4.0

Distribution and version:
Centos 7.9

Other relevant data:
This is a brand new installation

# systemctl status -l pulpcore-resource-manager.service
● pulpcore-resource-manager.service - Pulp Resource Manager
   Loaded: loaded (/etc/systemd/system/pulpcore-resource-manager.service; enabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Thu 2021-05-20 11:22:33 CEST; 2s ago
  Process: 12258 ExecStart=/usr/libexec/pulpcore/rq worker -w pulpcore.tasking.worker.PulpWorker -n resource-manager -c pulpcore.rqconfig --disable-job-desc-logging (code=exited, status=1/FAILURE)
 Main PID: 12258 (code=exited, status=1/FAILURE)
    Tasks: 0
   CGroup: /system.slice/pulpcore-resource-manager.service

May 20 11:22:33 foreman.cloudboxservices.com systemd[1]: Unit pulpcore-resource-manager.service entered failed state.
May 20 11:22:33 foreman.cloudboxservices.com systemd[1]: pulpcore-resource-manager.service failed.

I can run https://foreman.services.com:9090/features in my browser and it responds with the proxy features so it is not a firewall issue.

What does hammer ping show?

Does manually restarting pulpcore-resource-manager produce the same error again?

Hi ehelms,

hammer ping just seemed to hang so I have just started a rebuild from my Ansible playbook to try to recreate the VM from scratch which will take approx 1 hour. I will try your suggestions then.
The strange part is that I built another VM using the playbook and that one is fine. The only change I made since then was to swap out the cockpit self-signed cert for the wildcard one.


Unfortunately I am now unable to install Katello as it complains about: qpid-proton-c = 0.33.0

I need to do some other stuff now so will try again later with Centos-8 to see if that makes a difference.

@techietubby at what part of the install did you encounter that qpid_proton issue? I might have encountered the same issue.

I did a clean install with all the plugins and everything was working. It seems to break when I reboot

I am trying to rebuild and install katello 4.0 in order to reproduce but get stuck at:

Error: Package: tfm-rubygem-qpid_proton-0.33.0-1.el7.x86_64 (katello)
Requires: qpid-proton-c = 0.33.0
Removing: qpid-proton-c-0.33.0-1.el7.x86_64 (@/qpid-proton-c-0.33.0-1.el7.x86_64)
qpid-proton-c = 0.33.0-1.el7
Updated By: qpid-proton-c-0.34.0-1.el7.x86_64 (epel)
qpid-proton-c = 0.34.0-1.el7
Available: qpid-proton-c-0.14.0-2.el7.x86_64 (extras)
qpid-proton-c = 0.14.0-2.el7

Don’t think this is anything to do with the problem but I will keep trying.

See Katello installs for 4.0 and 4.1 are broken due to qpid-proton update in EPEL on EL7 for dedicated thread on the qpid_proton issues.