Yum command fails with a Curl error that ends in "[SSL: no alternative certificate subject name matches target host name 'loadbalancer.example.com'] after upgrading load-balanced capsules

Solution Verified - Updated -

Issue

  • After upgrading load-balanced capsules from the 6.10 to the 6.11 release, content hosts registered to the upgraded capsules can no longer get content from the capsules.

  • Any content host trying to pull patches from the capsules is getting the following error message:

    Errors during downloading metadata for repository 'rhel-8-for-x86_64-appstream-rpms':
- Curl error (51): SSL peer certificate or SSH remote key was not OK for https://loadbalancer.example.com/pulp/repos/Org1/Library/cv_rhel8_x86_64/content/dist/rhel8/8/x86_64/appstream/os/repodata/repomd.xml [SSL: no alternative certificate subject name matches target host name 'loadbalancer.example.com']
Error: Failed to download metadata for repo 'rhel-8-for-x86_64-appstream-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

  • The capsule servers were upgraded following the procedure described in section 3.3. Upgrading Capsule Servers of the Upgrading and Updating Red Hat Satellite guide.

Environment

  • Red Hat Satellite 6.11 server and two capsules with load balancing configuration.
  • The Red Hat Satellite and Capsule 6.11 servers were recently upgraded from the 6.10 release.
  • Affected content hosts are registered to the recently upgraded Red Hat Capsule 6.11 servers.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content