Thank you Mike and Jeff. I fixed the problem by following Mike's suggestion (removed the cert on the client).
Cheers, Wesley On Thu, Jan 13, 2011 at 8:49 PM, Jeff McCune <j...@puppetlabs.com> wrote: > On Thu, Jan 13, 2011 at 12:20 PM, Wesley Wu <wesley.q...@gmail.com> wrote: > > Just installed Puppet 2.6.4 on Ubuntu 10.10 > > > > I was trying to restart the puppet agent but got the following error > > and the agent didn't run: > > > > $ sudo puppetd --server server.domain.com --waitforcert 60 --test > > err: Could not retrieve catalog from remote server: SSL_connect > > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > > verify failed > > warning: Not using cache on failed catalog > > err: Could not retrieve catalog; skipping run > > > > I have the puppet master running on "server.domain.com" > > Time was already mentioned, so the next thing to check is a hostname > mis-match between the client thinks it's name is (server.domain.com) > and what the master thinks it's hostname is. > > To check this, please run facter fqdn on the puppet master and let us > know your results. > > The puppet master generates a SSL certificate containing three > hostnames. These are: > > 1: the results of "facter fqdn" > 2: puppet.`facter domain` > 3: puppet > > So, on my test machine facter fqdn returns test.puppetlabs.vm and > facter domain returns puppetlabs.vm The names in the resulting > certificate are test.puppetlabs.vm, puppet.puppetlabs.vm and puppet. > > If the agent uses any name other than those three, you'll get a > certificate verification error. > > To fix the problem you could also add additional names to the > generated certificate. Blow away the bad SSL certificate and try: > > puppet master --certdnsnames server:server.domain.com > > > Hope this helps, > -- > Jeff McCune > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.