When trying to upgrade an official module, Puppet complains that it can’t find it on the Forge. The real cause might be that it doesn’t recognize the SSL certificate as valid. When trying to install a module from, it returns the proper error, complaining that the certificate is invalid:

Apparently https is a jerk, so, other than the obvious, a solution is to use http instead of https for the repository, at the cost of module downloads no longer being authenticated or encrypted in transit:

On FreeBSD the cause might be that /etc/ssl/cert.pem isn’t symlinked to /usr/local/share/certs/ca-root-nss.crt, which is where the ca_root_nss package installs its CA bundle.
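A check for the FreeBSD case above, as an added example that is not from the original post: it reports whether /etc/ssl/cert.pem resolves to the ca_root_nss bundle, so the certificate problem can be confirmed before falling back to http. The function name, the state words and the CA_LINK/CA_BUNDLE variables are assumptions of this example; the two default paths are the ones named in the post.

```shell
#!/bin/sh
# Added example: report whether the system CA file resolves to the
# ca_root_nss bundle. Default paths are the two named in the post;
# CA_LINK and CA_BUNDLE are hypothetical override variables.
CA_LINK=${CA_LINK:-/etc/ssl/cert.pem}
CA_BUNDLE=${CA_BUNDLE:-/usr/local/share/certs/ca-root-nss.crt}

# ca_link_state LINK BUNDLE
# Prints one state word; returns 0 only for "ok".
ca_link_state() {
    link=$1
    bundle=$2

    # Package not installed, or the bundle is empty or holds no PEM data.
    if [ ! -s "$bundle" ] || ! grep -q 'BEGIN CERTIFICATE' "$bundle" 2>/dev/null; then
        echo "bundle-missing"
        return 1
    fi

    # Nothing at the link path at all (-L also catches dangling symlinks).
    if [ ! -e "$link" ] && [ ! -L "$link" ]; then
        echo "link-missing"
        return 1
    fi

    # A regular file here is not tied to the package's bundle.
    if [ ! -L "$link" ]; then
        echo "not-a-symlink"
        return 1
    fi

    # Resolve both sides so relative and chained symlinks compare equal.
    want=$(readlink -f "$bundle" 2>/dev/null) || want=""
    have=$(readlink -f "$link" 2>/dev/null) || have=""
    if [ -n "$want" ] && [ "$have" = "$want" ]; then
        echo "ok"
        return 0
    fi
    echo "wrong-target"
    return 1
}

state=$(ca_link_state "$CA_LINK" "$CA_BUNDLE") || :
printf '%s -> %s: %s\n' "$CA_LINK" "$CA_BUNDLE" "$state"
```

Any state other than "ok" means the CA file at that path is not the package's bundle.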