Hi Martin, Thanks for the details. Later this post, i realized that the server certificate is expired and need renewal. When I open this post I was in an assumption that the certificate on the client is a problem . Planning to upgrade and renew the certificate in the server and re-register the client s.
On Saturday, July 20, 2019 at 3:41:29 PM UTC+5:30, Martin Alfke wrote: > > Hi Veera, > > Puppet Server process generates a CA upon first start. > The CA will be put into place with a default validity of 5 years. > > You can verify the CA using openssl default commands to read CA > information in human readable format. > > Besides this: Puppet 2.7 is super outdated you should consider upgrading > Puppet on a fresh server which will then have a new CA with new validity. > > Best, > Martin > > > > On 19. Jul 2019, at 06:52, Veera Mani <[email protected] <javascript:>> > wrote: > > > > Hi, > > > > I am running puppet-server-2.7.25-1.el5 and > puppet-2.7.20-1.el6.rf.noarch clients. > > > > A puppet client which is running for more than 5 years is rebuild > and while adding the server to the puppet infrastructure again , we are > facing the below error. > > The client is properly removed from the master before it is re-built. > > > But still while adding the server back , the error occurs. > > > > running on Jul19 .. > > > > [root@client1 setup]# puppet agent --server wfpuppet.example.com > --waitforcert 60 --test > > info: Creating a new SSL key for client1.example.com > > info: Caching certificate for ca > > info: Creating a new SSL certificate request for client1.example.com > > info: Certificate Request fingerprint (md5): > CE:73:92:B6:37:76:52:57:45:86:C5:D8:68:22:3F:A0 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Caching certificate for ca > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Caching certificate for ca > > info: Caching certificate for client1.example.com > > info: Retrieving plugin > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at > > > > ................... Truncated ...................................... > > > > err: Could not retrieve catalog from remote server: > Thread(#<Thread:0x7f275f7ca370 run>) not locked. > > warning: Not using cache on failed catalog > > err: Could not retrieve catalog; skipping run > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > info: Not using expired certificate for ca from cache; expired at Tue > Jul 16 19:12:20 UTC 2019 > > > > ....................Truncated ................................ > > err: Could not request certificate: stack level too deep > > > > > > The configuration remains the same as in any client which is working > fine. Still facing the error? > > Is puppet master caching the expired certificate from cache ? > > > > "expired certificate for ca from cache;" > > > > > > > > I have followed the below puppet docs : > > > > > https://ask.puppet.com/question/16111/how-to-renew-expired-puppetmaster-certificates/ > > > > https://ask.puppet.com/question/32858/warning-certificate-puppet-ca-will-expire-on-how-to-renew-certificates-on-302/ > > > > > -- > > You received this message because you are subscribed to the Google > Groups "Puppet Users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/e29c37cd-4d69-44a6-b51f-5eefaccff99f%40googlegroups.com. > > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/0de09581-8925-43c0-9885-097f0fd60069%40googlegroups.com.
