-
Notifications
You must be signed in to change notification settings - Fork 468
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Intermittent failure on this error: OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint #757
Comments
See #669 |
See #357 as well |
Based on above links the error message might include a hint like "Please check thumbprint" |
For anyone that uses Terraform to configure their OIDC provider in AWS, this snippet may be helpful: data "tls_certificate" "github" {
url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}
resource "aws_iam_openid_connect_provider" "github" {
url = "https://token.actions.githubusercontent.com"
client_id_list = [
"sts.amazonaws.com",
]
thumbprint_list = [
for c in data.tls_certificate.github.certificates : c.sha1_fingerprint
]
} |
@mrparkers because github is serving multiple certificate chains, a single
can't fetch them all. See #357 (comment) |
Please see the most recent update to our readme, and please go to #357 for any further discussion related to this topic. Thanks all! |
Comments on closed issues are hard for our team to see. |
Describe the bug
Not a consistent error.
On a GHA with 14 different steps 2 fail with
OpenIDConnect provider's HTTPS certificate doesn't match configured thumbprint
all use the same role to do work.Re-running will eventually clear the error
This also happens on GHA with a single step so not related to volume of requests.
Expected Behavior
Not getting HTTPS errors
Current Behavior
Intermitent failures with the above error
Reproduction Steps
Run a job and get this error. Is intermittent. Like a host in a clusters clock is off far enough to fail a cert.
Possible Solution
No response
Additional Information/Context
No response
The text was updated successfully, but these errors were encountered: