Score:0

puppet 5.5 issue after renewed master certificate

mk flag

I currently faced issue after renewing Puppet certificate. I did a clean backup of client SSL folder and did a puppet agent ‑t.

Can anyone help me?

This is the code.

[root@pupcltlp0001 AEST /etc/puppetlabs/puppet]# puppet agent -t
Info: Creating a new SSL key for pupcltlp0001.dt.network
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for pupcltlp0001.dt.network
Info: Certificate Request fingerprint (SHA256): FE:E8:C5:3C:11:84:82:CF:99:B6:52:C8:C3:1A:C1:DC:5E:6D:CD:F0:61:EB:86:F2:59:05:00:CB:34:83:C3:AA
Info: Caching certificate for pupcltlp0001.dt.network
Error: request https://pupet-master.dt.network:8140//puppet-ca/v1/certificate_revocation_list/ca failed: SSL_connect returned=1 errno=0 state=error: certificate verify failed
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: pupet-master.dt.network]
Exiting; failed to retrieve certificate and waitforcert is disabled
[root@pupcltlp0001 AEST /etc/puppetlabs/puppet]# puppet agent -t
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pupet-master.dt.network]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': Failed to open TCP connection to pupet-master.dt.network:8140 (No route to host - connect(2) for "pupet-master.dt.network" port 8140)
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pupet-master.dt.network]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=vlxpup5lp01.dt.network]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pupet-master.dt.network]
Info: Loading facts
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=pupet-master.dt.network]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
You have new mail in /var/spool/mail/root
[root@pupcltlp0001 AEST /etc/puppetlabs/puppet]# puppet --version
5.5.22
cn flag
Did you read the message? `certificate verify failed`. Is the cert issued from the same CA? Same CRL? Same AIA?
Dan Dela Torre avatar
mk flag
yep, same CA bdw I am using puppet 5.5
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.