Anton Marchukov created OVIRT-2052: -------------------------------------- Summary: Updated SSL Stores on resources.ovirt.org Key: OVIRT-2052 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2052 Project: oVirt - virtualization made easy Issue Type: By-EMAIL Reporter: Anton Marchukov Assignee: infra resources.ovirt.org has old SSL stores and does not consider lets encrypt certs as valid: ovpn-205-70:~ amarchuk$ ssh http://resources.ovirt.org ssh: Could not resolve hostname http://resources.ovirt.org: nodename nor servname provided, or not known ovpn-205-70:~ amarchuk$ ssh resources.ovirt.org Last login: Thu May 10 14:19:17 2018 from monitoring.ovirt.org [amarchuk@resources02 ~]$ curl https://jenkins.ovirt.org/ curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle"  of Certificate Authority (CA) public keys (CA certs). If the default  bundle file isn't adequate, you can specify an alternate file  using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in  the bundle, the certificate verification probably failed due to a  problem with the certificate (it might be expired, or the name might  not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use  the -k (or --insecure) option. We also have a python utility called repoman that uses the bundle certs inside “python-requests” library so we need to make sure it is updated too along with the system certs. We might have the same problem on other servers, e.g. on Jenkins and it’s slaves so might make sense to analyse the situation and extend this ticket. -- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100085)