If you have an old or broken SSL stack and you try to authenticate with the Forge via SSL, you might get the following error: ERROR -> Unable to connect to https://forgeapi.puppetlabs.com.
Version and installation information
PE version: All versions
You can fix the error by updating r10k.yaml and update to point baseurl to forgeapi.puppet.com (instead of forgeapi.puppetlabs.com) as described in the Forge API documentation.
The Forge API is now primarily served from the puppet.com domain (r10k still points to the puppetlabs.com domain). DNS still resolves for puppetlabs.com. However, the legacy *.puppetlabs.com wildcard certificate was removed so that we could provide secure access to the Forge using SSL certificate best practices. Read this Forge update for more details.
In most cases, your interaction with the Forge won’t change because the puppet.com certificate includes puppetlabs.com as a SAN (Subject Alternative Name). However, if you’re using an older stack without support for server name indication (SNI) to access modules on the Forge, this change prevents SSL validation.
This has been corrected upstream in pull requests 1066 and 1067 and will be in a future release.
How can we improve this article?
0 comments
Please sign in to leave a comment.
Related articles