Hello readers,

I have this little issue that my puppet client refuses to do anything
because of SSL validation errors. Maybe I'll just post a dump of what
happens; that makes it clear, I hope. Does anyone have a suggestion why that
might happen? What I already checked:

On the master:

    - Puppet and puppetmaster are running
    - Something is listening on Port 8140 (although I cannot telnet-connect
    to it, it closes immediately for whatever reason)
    - in /var/lib/puppet/ssl: find . -type f -delete

On the client:

    - in /var/lib/puppet/ssl: find . -type f -delete

I would appreciate any help that's available ...

thanks & greetings! Axel.


... and now the little dump:

(CLIENT)
root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
info: Creating a new SSL key for l1311022.our.domain.de
warning: peer certificate won't be verified in this SSL session (2x)
info: Creating a new SSL certificate request for l1311022.our.domain.de
info: Certificate Request fingerprint (md5):
19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E
warning: peer certificate won't be verified in this SSL session (3x)
Exiting; no certificate found and waitforcert is disabled

(SERVER)
l1215022:/var/lib/puppet/ssl # pca -l
notice: Signed certificate request for ca
notice: Rebuilding inventory file
   l1311022.our.domain.de (19:60:00:FE:95:D8:1B:D1:7A:0A:08:C1:1F:E1:94:4E)
l1215022:/var/lib/puppet/ssl # pca -s --all
notice: Signed certificate request for l1311022.our.domain.de
notice: Removing file Puppet::SSL::CertificateRequest
l1311022.our.domain.de at
'/var/lib/puppet/ssl/ca/requests/l1311022.our.domain.de.pem'
l1215022:/var/lib/puppet/ssl #

(CLIENT)
root@l1311022:/var/lib/puppet/ssl$ puppet agent --test
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for l1311022.our.domain.de
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
Could not retrieve file metadata for
puppet://l1215022.our.domain.de/plugins: SSL_connect returned=1 errno=0
state=SSLv3 read server certificate B: certificate verify failed
err: Could not retrieve catalog from remote server: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed

The config files look like this:

(CLIENT)
[main]
     logdir = /var/log/puppet
     rundir = /var/run/puppet
     ssldir = /var/lib/puppet/ssl
     modulepath = /etc/puppet/modules:/opt/puppet/share/puppet/modules
[agent]
     certname = l1311022.our.domain.de
     server = l1215022.our.domain.de
     report = true
     graph = true
     pluginsync = true
     classfile = $vardir/classes.txt
     localconfig = $vardir/localconfig

(SERVER)
[main]
     logdir = /var/log/puppet
     rundir = /var/run/puppet
     ssldir = /var/lib/puppet/ssl
     certname = l1215022.our.domain.de
[agent]
     classfile = $vardir/classes.txt
     localconfig = $vardir/localconfig

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ToaPaY7mtgwJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

  • Axel Bock at Aug 10, 2012 at 12:29 pm
    hm, nevermind, I somehow solved it. although I'm not (yet) sure how. It
    involved a lot of restarting and deleting :)

    thanks anyways!
    Axel.



  • TEJASWI MUPPARAJU at Jan 30, 2014 at 1:19 pm
    Hi,

    I am having a similar issue, can't figure out why. Can anyone help me with
    this?

    thanks,
    Teja.
  • Axel Bock at Aug 10, 2012 at 12:30 pm
    hm, nevermind, I solved it somehow, although I don't know how (yet). it
    involved a lot of deleting and restarting :) ...

    thanks anyways!
    /Axel.

  • Banjer at Aug 10, 2012 at 2:53 pm
    It usually involves doing this on the server:

       puppet cert clean myhost

    and on the client:

       rm -rf /var/lib/puppet/ssl


    Then try it again on your client: `puppet agent --test`. Then back to your
    master: `puppet cert sign myhost`.
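
One situation that produces the `certificate verify failed` error shown in the dump is an agent whose cached CA certificate is not the CA that signed the certificate the master presents, for example when a new CA was generated under the master's ssldir while a certificate issued by the previous CA is still being served. The Ruby example below is added here and is not from the thread or from Puppet's code; the subjects, keys and the stale-CA scenario are constructed assumptions, and the thread does not establish that this was the cause.

```ruby
require 'openssl'

# All subjects and keys here are constructed for the example.
CA_SUBJECT     = '/CN=constructed-puppet-ca'
MASTER_SUBJECT = '/CN=master.example.test'

# Build a certificate; self-signed when no issuer is given.
def make_cert(subject, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = rand(1..2**32)
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer_cert || cert
  cert.add_extension(
    ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  )
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# What the agent does with its cached CA certificate: trust exactly that CA
# and check the certificate the master presents. Returns [ok, reason].
def verify_against(trusted_ca, presented_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  ok = store.verify(presented_cert)
  [ok, store.error_string]
end

# Colon-separated SHA-256 fingerprint, for comparing the CA certificate
# held by the agent with the one held by the master.
def fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

def scenario
  old_ca_key = OpenSSL::PKey::RSA.new(2048)
  new_ca_key = OpenSSL::PKey::RSA.new(2048)
  master_key = OpenSSL::PKey::RSA.new(2048)
  old_ca = make_cert(CA_SUBJECT, old_ca_key, ca: true)
  new_ca = make_cert(CA_SUBJECT, new_ca_key, ca: true) # same name, new key
  stale = make_cert(MASTER_SUBJECT, master_key, issuer_cert: old_ca, issuer_key: old_ca_key)
  fresh = make_cert(MASTER_SUBJECT, master_key, issuer_cert: new_ca, issuer_key: new_ca_key)
  {
    stale_master: verify_against(new_ca, stale), # agent trusts the new CA
    fresh_master: verify_against(new_ca, fresh),
    same_ca: fingerprint(old_ca) == fingerprint(new_ca)
  }
end

if __FILE__ == $PROGRAM_NAME
  scenario.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```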

Discussion Overview
group: puppet-users @
categories: puppet
posted: Aug 10, '12 at 12:11p
active: Jan 30, '14 at 1:19p
posts: 5
users: 4
website: puppetlabs.com
