RestClient::SSLCertificateNotVerified on Actions::Katello::Repository::CheckMatchingContent for Actions::Katello::ContentView::Publish


Foreman and Proxy plugin versions:

  • foreman-2.4.0-1.el7.noarch

  • foreman-cli-2.4.0-1.el7.noarch

  • foreman-debug-2.4.0-1.el7.noarch

  • foreman-dynflow-sidekiq-2.4.0-1.el7.noarch

  • foreman-installer-2.4.0-1.el7.noarch

  • foreman-installer-katello-2.4.0-1.el7.noarch

  • foreman-postgresql-2.4.0-1.el7.noarch

  • foreman-proxy-2.4.0-1.el7.noarch

  • foreman-release-2.4.0-1.el7.noarch

  • foreman-selinux-2.4.0-1.el7.noarch

  • foreman-service-2.4.0-1.el7.noarch

  • katello-4.0.0-1.el7.noarch

  • katello-certs-tools-2.7.3-1.el7.noarch

  • katello-client-bootstrap-1.7.6-1.el7.noarch

  • katello-common-4.0.0-1.el7.noarch

  • katello-debug-4.0.0-1.el7.noarch

  • katello-default-ca-1.0-1.noarch

  • katello-repos-4.0.0-1.el7.noarch

  • katello-selinux-4.0.0-1.el7.noarch

  • katello-server-ca-1.0-1.noarch

Distribution and version:
Red Hat Enterprise Linux Server release 7.9

Other relevant data:
I had published 5 content view version and the 6th the task got stuck with SSL Error.

  • There were no new certificat, no custom certificate,
  • Katello CA is Valid Not Before: May 11 12:05:27 2021 GMT and Not After : Jan 18 12:05:27 2038 GMT
  • content view is linked to a apt repository

I would like to be able to unlock this step.

I think it’s due to an unchage state of the repository.
I’m publishing a new version but nothing change inside the repo so I get the error above.

@RazorTheBeaver can you share any stack trace in /var/log/foreman/production.log or journalctl when you’re performing this action?

Hi @Jonathon_Turel,

This what I have from journactl and production.log: debug_view.log (34.1 KB)

My guess was I have this error when inside the repo nothing changed and i’m publishing an new view but i’m not 100% sure it’s the problem.

The think is, I have one repo (dep) which has fix packages and won’t get new packages and another repo (build_dev) which has packages regularly like two or three times per/day.
When I receive a new build deb packages, I publish a new view like that the packages can be upgrade on the machine.

Since I have added dep repository, I have pulp who got stuck on the “CheckMatchingContent”.
Finally I also got the same error when I published an new view when the build_dev didn’t get new packages.

Best regards,

Did you do a pulp2-3 migration for the deb repos or is this a new box with katello 4.0?
I did open an issue here: Bug #32761: Deb repo calls pulp2 when checking published during matching content check - Katello - Foreman cause your logs seem to show the repo on pulp3 but check matching content checking for the repo on pulp2. That looks incorrect.

Hi @sajha,
It’s a new box with katello 4.0.
On foreman interface, I have those information:

Backend System Status

  • pulp3

Installed Packages

  • pulp-client-1.0-1.noarch

  • pulpcore-selinux-1.2.4-1.el7.x86_64

  • python-pulp-manifest-

  • python3-pulp-certguard-1.1.0-1.el7.noarch

  • python3-pulp-container-2.2.1-1.el7.noarch

  • python3-pulp-deb-2.9.1-1.el7.noarch

  • python3-pulp-file-1.5.0-1.el7.noarch

  • python3-pulp-rpm-3.10.0-1.el7.noarch

  • python3-pulpcore-3.9.1-2.el7.noarch

Hi there,

Can I apply the fix without re-installing completely Foreman-Katello ?

Kind regards,

Have you found the fix for your issue? What is it?
I would recommend a fresh new installation if you want to start it over again.

Hi @lfu,

I guess the fix is Revision 366df38d - Fixes #32761 - Remove pulp2 call on deb repo content matching (#9396) - Katello - Foreman


You are right. Try apply the fix.
Good luck!

I’ve changed the script but it still raise SSLCertificateNotVerified.

There below you got the log.

ERROR-SSLCertificateNotVerified.log (13.0 KB)


@sajha Could you please take a look at this when you get a chance? Thanks.


I still see the various Runcible calls from the old code…The patch didn’t get through as far as I can tell…
Can you look at contents of the file katello/app/lib/actions/katello/repository/check_matching_content.rb and verify it’s calling target_repo_published instead of the old target_repo.published? on line 35?

I think the line number doesn’t match what you are saying.

Anyway, this is what I have in check_matching_content.rb

check_matching_content.log (3.3 KB)

Could you restart your server once and try again?

Thank you guys !
This is much better now.
Many thanks for your support, really appreciated.

1 Like