0

err: /File: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate revoked for /CN=MasterHost

asked 2017-08-18 06:55:07 -0500

updated 2017-08-18 11:30:59 -0500

DarylW

Hi, while I am running the below command I am getting some error. Please help on this.

sudo puppetd agent --test --server MasterHost --environment newdcdeploy --ssldir /var/lib/puppet/ssl --pluginsync true

err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate revoked for /CN=MasterHost]
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate revoked for /CN=MasterHost] Could not retrieve file metadata for puppet://MasterHost/plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate revoked for /CN=MasterHost]
info: Loading facts in /var/lib/puppet/lib/facter/db_entry_nfr.rb
info: Loading facts in /var/lib/puppet/lib/facter/sherlockversion.rb
info: Loading facts in /var/lib/puppet/lib/facter/solrversion.rb
info: Loading facts in /var/lib/puppet/lib/facter/solrrotationstatus.rb
info: Loading facts in /var/lib/puppet/lib/facter/rotationstatus.rb
info: Loading facts in /var/lib/puppet/lib/facter/db_entry.rb
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate revoked for /CN=MasterHost]
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate revoked for /CN=masterHost

from master

root@Master:~# sudo puppet cert sign -all
+ "Agent"                     (7D:D1:16:14:76:9E:FA:79:02:0E:56:23:06:4E:0E:46)
+ "Master" (1C:F4:DE:63:CD:5B:B4:4B:23:5B:CD:6C:E9:14:D6:B8) (alt names: "DNS:puppet", "DNS:sMasterHost")

1 Answer

0

answered 2017-08-19 21:33:47 -0500

waveclaw

Puppet agents cache a current copy of the Puppet SSL Certificate Authority's CRL - Certificate Revocation List. The error shown says that the current SSL certificate sent by MasterHost and received by the agent appears on that CRL. You can try removing the crl.pem file (or the whole $ssldir) from the agent and repeating the certificate signing request.

If MasterHost is actually the name of the Master server in your example then you may just have a bad CRL entry. If someone ran puppet cert clean on the host running the Puppet CA then the easiest solution is to wipe and redeploy all the SSL certificates. If someone ran a clean on a Puppet Master cert that was not also the CA then you can just force that Puppet Master to generate a new SSL certificate. You will have to sign that one on the Puppet CA server.

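Added example, not part of the original answer: a POSIX shell check for the condition the answer describes, namely whether a certificate's serial number is listed on a CRL. The function names, the sample CRL text and its serial numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: is a certificate serial listed in a CRL?

# Upper-case a hex serial and drop leading zeros so "0b" and "0B" compare equal.
norm_serial() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0*//'
}

# serial_in_crl_text SERIAL
# Reads `openssl crl -noout -text` output on stdin.
# Returns 0 if SERIAL is among the revoked entries, 1 if it is not.
serial_in_crl_text() {
    want=$(norm_serial "$1")
    while IFS= read -r line; do
        case $line in
            *"Serial Number: "*)
                rest=${line##*"Serial Number: "}
                got=$(norm_serial "$rest")
                if [ "$got" = "$want" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# cert_revoked CERT_PEM CRL_PEM: the same check on real files (needs openssl).
# Returns 2 if the certificate cannot be read.
cert_revoked() {
    serial=$(openssl x509 -in "$1" -noout -serial) || return 2
    openssl crl -in "$2" -noout -text | serial_in_crl_text "${serial#serial=}"
}

# Constructed sample in the layout `openssl crl -noout -text` prints.
sample_crl_text() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Issuer: CN = Puppet CA: ca.example.test
        Last Update: Aug 18 11:00:00 2017 GMT
Revoked Certificates:
    Serial Number: 02
        Revocation Date: Aug 18 10:50:00 2017 GMT
    Serial Number: 0B
        Revocation Date: Aug 18 10:52:00 2017 GMT
EOF
}

# Demo on the constructed sample: 02 is listed, 07 is not.
for s in 02 07; do
    if sample_crl_text | serial_in_crl_text "$s"; then echo "serial $s: revoked"
    else echo "serial $s: not listed"; fi
done
```

On an agent, `cert_revoked` takes a saved copy of the master's certificate and the cached crl.pem from the agent's $ssldir, which shows whether the cached CRL really lists that certificate before anything is wiped.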


Stats

Asked: 2017-08-18 06:55:07 -0500

Seen: 20 times

Last updated: Aug 19