Recently looking into automating LUKS encryption processes, I stumbled upon the the following problem: clevis luks bind returns “Unable to fetch advertisement”.

The error message tells all and nothing. I found that with clevis’ tooling chain, it can be difficult to pinpoint problems easily. After some time I figured that the shell I ran this on had http_proxy environment variables set and therefore the curl-command used in the clevis tooling chain was fetching via the configured http proxy, which denied the connection with a 403 Forbidden error.

It was so unclear because clevis did not output any such error (inside the tooling chain it runs “curl -sfg” which silences all output).

Therefore make sure that the requests can succeed. Make sure that the environment the “clevus luks bind” command runs from does not have any unintended environment variables set, such as http_proxy or https_proxy.