All: I bid you good fortune. On inherited a Foreman 1.19 / Puppet (5.5.6) presence, the original, 5-year cert (CA) expired. I found out while trying to run puppet agent on a new node. There was no complete documented series of steps for this combo of versions; the one who set up the presence departed a while back.
I followed a combination of what I saw: On puppet master: rm -rf /etc/puppetlabs/puppetdb/ssl puppetserver ca generate --config /etc/puppetlabs/puppet/puppet.conf puppet master --no-daemonize --verbose puppet resource service puppetserver ensure=running puppet resource service puppet ensure=running /opt/puppetlabs/server/apps/puppetdb/bin/puppetdb ssl-setup -f puppet resource service puppetdb ensure=running But on the master itself, and certainly a separate client/agent, there are any number or errors. * If on puppet master, running "puppet agent -t", I get this this error, where should I be checking? Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: *******] Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: ***] * On puppet master, "systemctl status -l puppet" concludes in "Unable to fetch my node definition, but the agent run will continue:" "Sep 28 16:58:42 <hostname> puppet-agent[19623]: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: ********]" "Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet Root CA: ******]" * If I run the same on any client, with below result, where should I head? Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: <hostname>] Info: Retrieving pluginfacts Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 s tate=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: <hostname>] Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get issuer certificate for /CN=Puppet CA: <hostname>] Any leads on next steps would be appreciated. (I do realize the software versions cited are rather old.) -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/d06491fe-8e3f-4d09-aff8-d5773a070f72n%40googlegroups.com.
