On puppet master: puppet cert --clean <fqdn> on client: rm -fr /var/lib/puppet/ssl/* puppet agent --test
check on master for signing request: puppet cert --list On 06.07.2012, at 10:25, Martinus wrote: > Martin, > > Right. > > Time is good (NTP) on all 3 clients and server. And I double checked just > now with ntpq -p (largest offset was -20). There are different time zones, > but then so has the working systems different time zones. > Ruby version on all 3 clients and server: ruby 1.8.7 (2011-06-30 patchlevel > 352) > The SSLDir line looks like this: "ssldir = /var/lib/puppet/ssl" on all > systems (config file is copied across systems). I checked, and the standard > set of directories are there and owned by Puppet. However, crl.pem is not > present like on the working systems. > > Martinus. > > On Friday, 6 July 2012 09:07:46 UTC+1, Martin Alfke wrote: > Hi, > > - check time on client and server > - check ruby version on the 3 server which fail > - check SSLDir configuration in /etc/puppet/puppet.conf on the 3 systems. > > Martin > > On 06.07.2012, at 09:57, Martinus wrote: > >> I have a problem on 3 out of ~40 servers that gives the following error: >> >> err: Could not request certificate: SSL_connect returned=1 errno=0 >> state=unknown state: sslv3 alert handshake failure >> >> From previous posts, I made sure that SSLVerifyClient is set to optional. I >> also cleared /var/lib/puppet/ssl/ client side, not that it should make any >> difference as this error is on the first run of Puppet. >> >> When I try to run Puppet from either of these 3 servers, there is nothing >> noted in /var/log/apache2/* server side. I have confirmed networking is ok >> with telnet and also checked that there is traffic with tcpdump. >> >> Puppet server is at 2.7.11 and client is also at 2.7.11 both from Ubuntu >> repositories. >> >> Any help would be appreciated to find why these 3 particular servers is >> giving me problems. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/puppet-users/-/mzcj4gN-AWQJ. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/ksgzsaL9g1MJ. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
