Yum is failing with [Errno 14] HTTPS Error 403 - Forbidden error on the client systems after upgrading to Red Hat Satellite 6.10

Solution Verified - Updated

Environment

  • Red Hat Satellite 6.10

Issue

  • After upgrading from Satellite 6.9 (with custom SSL certificates) to Satellite 6.10, the client hosts can no longer use yum commands and fail with the following error:

Content from satellite.example.com is not included.https://satellite.example.com/pulp/repos/RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/optional/os/repodata/repomd.xml:%20[Errno%2014]%20HTTPS%20Error%20403%20-%20Forbidden`

Resolution

  • This issue has been highlighted to the Red Hat Engineering team and is being tracked under the following This content is not included.Bugzilla 2021985.

  • It can be fixed in three different ways i.e. to trigger the update\refresh of the CA certificate used by ContentGuard.

    1. Execute the following command on the Red Hat Satellite 6.10 server.

      # echo "Katello::Pulp3::Api::ContentGuard.new(SmartProxy.pulp_primary).refresh" | foreman-rake console

    2. Or, Create a fake Custom Repository in the upgraded Red Hat Satellite 6.10 server with the Publish Via HTTP option disabled.

    3. Or, Modify the Publish Via HTTP option for an existing Custom Repository i.e. disable it and then re-enable it.

  • Please reach out to This content is not included.Red Hat Technical Support for any further assistance required.

For more KB articles/solutions related to Red Hat Satellite 6.x Repository Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Repository Issues.

Root Cause

  • This problem only occurs on those Satellite 6.10 servers which were upgraded from Satellite 6.9 and were having Custom SSL certificates integrated, as the upgrade procedure would not update the CA certificate used by the ContentGuard for the pulpcore database.

  • For a newly installed Red Hat Satellite server with Custom certificates integrated, the issue has already been fixed via This content is not included.Bugzilla 1961886.

SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.