Ask Your Question

Revision history [back]

Puppet agents cache a current copy of the Puppet SSL Certificate Authority's CRL - Certificate Revokation List. The error shown says that the current SSL certificate sent by Masterhost and received by the agent appears on that CRL. You can try removing the crl.pem file (or the whole $ssldir) from the agent and repeating the certificate signing request.

If MasterHost is acatually the nam eof the Master server in your example then you may just have a bad CRL entry. If someone ran puppet cert clean on the host running the Puppet CA then the easiest solution is to wipe and redeploy all the SSL certificates. If someone ran a clean on a Puppet Master cert that was not also the CA then you can just force that Puppet Master to generate a new SSL certificate. You will have to sign that one on the Puppet CA server.