FAQ
Hello,

I'm having trouble between the client and the master. Please help!

*root@r3:~# puppet agent --test*
Info: Caching certificate for r3.pb
Info: Caching certificate_revocation_list for ca
Warning: Unable to fetch my node definition, but the agent run will
continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate
B: certificate verify failed: [certificate revoked for
/CN=masterdns.peoplebrowsr.com]
Info: Retrieving plugin
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources
using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read
server certificate B: certificate verify failed: [certificate revoked for
/CN=masterdns.peoplebrowsr.com]
Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com]
Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com]
Error: Could not retrieve catalog from remote server: SSL_connect
returned=1 errno=0 state=SSLv3 read server certificate B: certificate
verify failed: [certificate revoked for /CN=masterdns.peoplebrowsr.com]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3
read server certificate B: certificate verify failed: [certificate revoked
for /CN=masterdns.peoplebrowsr.com]

I've tried to remove all of the SSL files on the client:
root@r3:~# rm -rf /var/lib/puppet/ssl/*

And then clean from the master:
root@masterdns:~# puppet cert clean r3.pb

Then restart the client's puppet agent and sign the client again. But it
still doesn't work!

Please help.

Thanks,
Khoi

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Jakov Sosic at Jun 7, 2013 at 9:37 pm

    On 06/06/2013 10:25 AM, khoibui@peoplebrowsr.com wrote:

    Then restart the client's puppet agent and sign the client again. But it
    still doesn't work!
    Try to sync clock of both master and client to same NTP server.


    --
    Jakov Sosic
    www.srce.unizg.hr

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Badgerea at Jun 8, 2013 at 5:20 pm

    Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server
    certificate B: certificate verify failed: [certificate revoked for /CN=
    masterdns.peoplebrowsr.com]
    It looks like your puppetmaster's cert has been revoked (not the client's).
    I think it may be necessary to blow away your master's ssl stuff and
    regenerate (which also means regenerating certs for every client). You can
    do this by stopping puppetmaster, removing /var/lib/puppet/ssl (on the
    master), and restarting the master (I tried this with a 3.2.1 master).
    Someone wiser might have a smarter solution to this...

    Eric

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Esen Sagynov at Mar 14, 2014 at 2:18 pm
    This advice has worked for me nicely. Here is how to do this in Puppet
    3.1.x:

    1. First, stop puppet master on master node:

    sudo puppet resource service puppetmaster ensure=stopped enable=false

    2. Then remove all certificates on master node.

    sudo rm -rf /var/lib/puppet/ssl

    3. Now remove all certificates on the agent node:

    rm -rf ~/.puppet/ssl

    4. Start the puppet master:

    sudo puppet resource service puppetmaster ensure=running enable=true

    5. Request the certificates from agent node:

    puppet agent --test --waitforcert=2m --noop

    Done!
    On Sunday, June 9, 2013 2:20:21 AM UTC+9, badgerious wrote:


    Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server
    certificate B: certificate verify failed: [certificate revoked for /CN=
    masterdns.peoplebrowsr.com]
    It looks like your puppetmaster's cert has been revoked (not the
    client's). I think it may be necessary to blow away your master's ssl stuff
    and regenerate (which also means regenerating certs for every client). You
    can do this by stopping puppetmaster, removing /var/lib/puppet/ssl (on the
    master), and restarting the master (I tried this with a 3.2.1 master).
    Someone wiser might have a smarter solution to this...

    Eric
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/08d33c3c-fe24-41bf-9f10-c92f77b73d74%40googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJun 6, '13 at 1:39p
activeMar 14, '14 at 2:18p
posts4
users4
websitepuppetlabs.com

People

Translate

site design / logo © 2021 Grokbase