Can't connect to SSL URL to get checksum

[robvadai]

Ansible version: 2.8.2 Target host OS: Debian 10 Buster Python version on target host: 3.7

TASK [atosatto.minio : Get the Minio server checksum for amd64 architecture] ******************************************************************************************
fatal: [my.hostname.com]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Error validating the server's certificate for https://dl.minio.io/server/minio/release/linux-amd64/minio.sha256sum: Failed to validate the SSL certificate for dl.minio.io:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)."}

[robvadai]

It works when ignoring the validation of the SSL certificate, but obviously this is not a solution:

- name: "Get the Minio server checksum for {{ go_arch }} architecture"
  set_fact:
    _minio_server_checksum: "{{ lookup('url', _minio_server_download_url + '.sha256sum', validate_certs=False).split(' ')[0] }}"

[atosatto]

Hi @robvadai have you figured out the reason of this behavior? Honestly it looks like something external to this role. Was a normal curl https://dl.minio.io/server/minio/release/linux-amd64/minio.sha256sum showing the same behavior?

[fititnt]

Possibly related to #59004 (ansible 2.8.1, ubuntu 16.04 lts CIS). There is another issue older here #33417

This issue sounds like a problem with the OS or the python running Ansible and is not specific to ansible-minio role.

This type of issue may be solved just installing packages related to openssl or certificates.