No certificate request generated for agent, what do I do?

asked 2019-01-16 15:45:19 -0600

LeroyT gravatar image

server version - 3.8.5 (open source running on Ubuntu 16.04, installed using apt-get, successfully servicing a number of clients)

client (agent) version - 5.4.0 (open source running on Ubuntu 18.04, installed using apt-get) "puppet agent -t" on the client returns:

Downgrading to PSON for future requests

Could not request certificate: Error 400 on SERVER: The environment must be purely alphanumeric, not 'puppet-ca'

Exiting; failed to retrieve certificate and waitforcert is disabled (I understand this issue and what to do about it)

I have tried setting "environment = production" in puppet.conf and using "--environment production" on the command line - no change

"tcpdump -neli any host <agent ip="" address="">" on the server shows traffic destined for port 8140 arriving and being answered but "puppet cert list" doesn't show a request

"telnet <puppetmaster ip="" address=""> 8140" on the agent shows a connection

"egrep -v "^#|^$" /etc/puppet/puppet.conf" shows:


ssldir = /var/lib/puppet/ssl

server=<puppetmaster's ip="" address="">




vardir = /var/lib/puppet

dns_alt_names = puppet

How do I resolve this so that the agent can be managed by Puppet? Thanks for the help.

edit retag flag offensive close merge delete