Trying to fetch a module, I have the following output
Notice: Preparing to install into /usr/local/etc/puppet/modules ... Notice: Downloading from https://forgeapi.puppetlabs.com ... Error: Could not connect via HTTPS to https://forgeapi.puppetlabs.com Unable to verify the SSL certificate The certificate may not be signed by a valid CA The CA bundle included with OpenSSL may not be valid or up to date
But my /etc/ssl/cert.pem
is linked correctly, and the package ca_root_nss-3.16.3
is up to date. Is there any information I can get from Puppet about how to proceed with diagnosing this? Maybe it's looking in the wrong location?
Best Answer
I suppose I should be explicit about my solution. Following Felix Frank's advice to use
strace
(ktrace
in FreeBSD), I performedthe -d flag just being there in case child processes were involved. Then, to recover the trace in a human readable format,
which revealed among other things the following bit
It isn't clear to me yet whether my system is just incorrectly configured, and that
cert.pem
was supposed to be there; or whether some other issue is at play. Either way, it fixed the immediate problem of not being able to install the module.