
certificate gets revoked

asked 2015-07-08 04:49:14 -0600

kartikv

I have done more than my fair share of googling for this. The forward and reverse DNS are working fine. The TZ and date are the same.

puppet agent --waitforcert 5 --test

The above command works the first time only; while it is waiting for the cert, I sign it on the master. Subsequent runs fail:

Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /]

I have done this on the client:

[root@centos7guest-1 puppet]# rm -rf /var/lib/puppet/ssl/*

and on the master:

puppet cert clean

I have done all this several times.


2 Answers


answered 2015-07-08 14:01:45 -0600

bhanu.rhce

updated 2015-07-08 14:06:51 -0600

Two possible issues/solutions:

1. The server certificate that puppet has and the one that the puppetmaster is using differ. On a pure puppet node one simple way is just to remove the current SSL information and start again:

rm -rf /var/lib/puppet/ssl/*

Also ensure that the client and server agree what the current time is (otherwise the certificate created may not be valid on the other machine).

2. Regenerate the master certificate again:

Revoke the master certificate (again).

puppet cert clean <puppet master name>

Re-generate the master certificate.

puppet cert generate <puppet master name>

Re-start the puppet master.

/etc/init.d/puppet stop/start

Let's see if any of the above solves the issue.


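An added diagnostic example, not part of the original answers: the `certificate revoked` error means the serial number of the certificate the master presented is listed in the CRL the agent checks, so comparing the two shows whether the master is still serving a certificate that `puppet cert clean` revoked. The helper names, the paths in the comments and the sample CRL text are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed default paths; adjust to your ssldir:
#   agent's CRL copy : /var/lib/puppet/ssl/crl.pem
#   master's cert    : /var/lib/puppet/ssl/certs/<puppet master name>.pem

# Normalize a hex serial: uppercase, leading zeros stripped.
norm_serial() {
    printf '%s\n' "$1" | tr 'a-f' 'A-F' | sed 's/^0*//'
}

# Reads `openssl crl -noout -text` output on stdin.
# Exit 0 if the serial in $1 is among the revoked entries, 1 otherwise.
crl_text_lists_serial() {
    awk -v want="$(norm_serial "$1")" '
        /^ *Serial Number:/ {
            s = toupper($3); sub(/^0+/, "", s)
            if (s == want) found = 1
        }
        END { exit !found }'
}

# Exit 0 if the certificate in $1 (PEM) is listed in the CRL in $2 (PEM),
# 1 if it is not listed, 2 if the certificate cannot be read.
cert_is_revoked() {
    serial=$(openssl x509 -noout -serial -in "$1") || return 2
    openssl crl -noout -text -in "$2" | crl_text_lists_serial "${serial#serial=}"
}

# Constructed sample of `openssl crl -noout -text` output (not real data).
SAMPLE_CRL_TEXT='Certificate Revocation List (CRL):
        Issuer: CN = Puppet CA: puppet.example.test
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Jul  8 10:00:00 2015 GMT
    Serial Number: 0A
        Revocation Date: Jul  8 11:00:00 2015 GMT'

# Offline demonstration against the constructed sample.
if printf '%s\n' "$SAMPLE_CRL_TEXT" | crl_text_lists_serial 0a; then
    echo "serial 0A is listed as revoked in the sample CRL"
fi
```

If `cert_is_revoked` succeeds for the certificate the master is serving, the master is still presenting a revoked certificate and needs a freshly generated one before agents will verify it.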

answered 2015-07-08 14:43:41 -0600

kartikv

Thanks for helping. Both alternatives did not work. As mentioned in the OP, there is no significant time difference between the master and the nodes. I cleaned the master's certificate and restarted puppet. I am still not able to have a successful run.



Oh! Bad then, is it still the same error? Any valid info in the logs? Are your server & client using ntp? If the setup is in the initial stage, try to clean everything & then configure back... Most of the time there might be an issue with gems.

bhanu.rhce (2015-07-09 01:32:26 -0600)

I got this working, thanks to bhanu.rhce. I am using PE trial edition. I blew away the OS, increased cores from 4 to 6, increased RAM to 32GB. Reinstalled OS and PE. Everything works now.

kartikv (2015-07-09 11:29:52 -0600)


Last updated: Jul 08 '15