Ask Your Question

manduck's profile - activity

2018-02-07 05:14:26 -0600 received badge  Famous Question (source)
2018-02-07 05:14:26 -0600 received badge  Notable Question (source)
2017-02-07 05:28:35 -0600 commented question Accidentally cleaned all of my certificates.

Any ideas?

2017-02-06 14:59:49 -0600 received badge  Popular Question (source)
2017-02-06 08:26:59 -0600 commented question Accidentally cleaned all of my certificates.

Different error now though... Connection refused - connect(2)

2017-02-06 08:26:08 -0600 commented question Accidentally cleaned all of my certificates.

Well the agent I'm trying it on is a completely fresh one. I've cleared out the ssh directory (/var/lib/puppet/ssl/*) anyway, plus I've backed-up and deleted the ssh directory on the master (/var/lib/puppet/ssh) and then cleaned and then regenerated the master certificate., but still no luck.

2017-02-06 04:20:20 -0600 commented question Accidentally cleaned all of my certificates.

But isn't 'puppet master --verbose --no-daemonise' regenerating my master certificate?

2017-02-03 09:15:09 -0600 asked a question Accidentally cleaned all of my certificates.

So I'm a Puppet noob, and I foolishly did a cert clean --all. I'm now in the process of re-doing all of the certificates but I have a problem.

So the first thing a did on the puppet master was 'puppet master --verbose --no-daemonise' to redo the puppet master certificate.

However, then when I try and sign a client, I'm able to run the first 'puppet agent --test' and then sign it on the server, but then when I run the second 'puppet agent --test' I get...

Error: Could not request certificate: Server hostname 'puppet' did not match server certificate; bob.localdomain

However, the certificate on the puppet master is called 'puppet'. I've tried editing the puppet.conf on the master so it includes 'server=puppet' and 'certname=puppet' and 'dns-alt-names=puppet' and stuff like that, but the agents always seem to complain that it's bob.localdomain.

How do I get the certificate set correctly on the master? Any help would be greatly appreciated.

UPDATE

Okay, I've got a little bit further.

I stopped the puppet service, then ran 'puppet master --verbose --no-daemonise' again, then started the service.

Now when I try and run 'puppet agent --test' on a client I get the following error...

Error: Could not request certificate: Connection reset by peer - SSL_connect

Is there something else that needs to be restarted on the master? It's version 3.6.2 by the way.