Resolved: Module apt_repository: Why is validate_certs not working?



I have an Ansible playbook that adds an Apt repository. The repo is located on my own server – accessed by HTTPS (with a self-signed cert).
If I put the repo manually in the host's sources.list, I get this error when updating the cache.
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
OK, it's self-signed. Disable the check and all is fine.
Very good – now I try to handle it with Ansible.
No matter if I set validate_certs: false – it fails any time.
If I make the repo public via HTTP and change the URL then all is fine. Also if I keep it with HTTPS-selfsigned and set
at the update-seeking hosts apt-config it will work too.
But I expect validate_certs to handle that. So why is it not working??

Best Answer:

The validate_certs argument to apt_repository does not affect the configuration of apt or the repository; it controls whether certs are validated during the module’s internal fetching of PPA info.
If you want apt to ignore validation failures, you need to configure apt accordingly.
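
One way to "configure apt accordingly" from the same playbook, as an added example that is not part of the original answer: it pins the server's own certificate for that one host through apt's https transport options instead of switching verification off globally. The hostname, file paths, repo line and file names are placeholders chosen for illustration.

```yaml
# Added example; all names and paths below are placeholders, not from the post.
- name: Add an HTTPS apt repository served with a self-signed certificate
  hosts: all
  become: true
  vars:
    repo_host: repo.example.internal
    repo_line: "deb https://repo.example.internal/debian stable main"
    repo_cert_src: files/repo.example.internal.crt   # copy of the server's certificate
    repo_cert_dir: /etc/apt/certs
    repo_cert_dest: /etc/apt/certs/repo.example.internal.crt
  tasks:
    - name: Create a directory for pinned repository certificates
      ansible.builtin.file:
        path: "{{ repo_cert_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Install the repository server's certificate
      ansible.builtin.copy:
        src: "{{ repo_cert_src }}"
        dest: "{{ repo_cert_dest }}"
        owner: root
        group: root
        mode: "0644"

    - name: Configure apt's https transport for this host only
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/99-repo-example-internal
        owner: root
        group: root
        mode: "0644"
        content: |
          // Trust the pinned certificate when talking to this host.
          Acquire::https::{{ repo_host }}::CAInfo "{{ repo_cert_dest }}";
          // Weaker alternative, still scoped to this one host: skip the checks.
          // Acquire::https::{{ repo_host }}::Verify-Peer "false";
          // Acquire::https::{{ repo_host }}::Verify-Host "false";

    - name: Add the repository (validate_certs plays no part in apt's own fetches)
      ansible.builtin.apt_repository:
        repo: "{{ repo_line }}"
        filename: example-internal
        state: present
        update_cache: true
```

CAInfo only addresses the "issuer is unknown" part of the error above. The "name in the certificate does not match" part means the certificate also has to carry the hostname used in the repo URL, or Verify-Host has to be disabled for that host.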
