[Puppet Users] Hostname was not a match with the server certificate -- Arrgh!

2010-04-29 Thread Gabriel - IP Guys
On the client

Client #]  puppetd --test --trace

http://pastebin.com/eft1Qmuv 

Full output of the command is above, last three lines,

# err: Could not retrieve catalog from remote server: hostname was not match 
with the server certificate
# warning: Not using cache on failed catalog
# err: Could not retrieve catalog; skipping run

I have attempted to track down where this problem is coming from. DNS is set up 
correctly. No host names have been changed, so I am at a loss as to how such a 
mistake could be made. But then, I am just believing the text of the error 
message.

Puppet.domain.com and puppetmaster.domain.com both point to the correct machine. 
The client can connect to the server with no problem, and also vice versa. The 
firewall is relaxed sufficiently on both client and server for puppet to 
communicate. Both systems are on the same network switch, all other networking 
services work pretty much perfectly.

Any assistance will be highly appreciated. I have numerous crates of virtual 
beer I will gladly send your way, and for the non-drinkers, I have a 
delightful selection of virtual foods from around the world which I can send 
your way ☺

Next paragraph is the long dormant student in me, happy at the chance to 
learn something so powerful. With great power comes great responsibility 
(yeah, right, whatever, I just want to be able to bring up a MySQL cluster in 
5 minutes, and watch my dev team's face!)

I am prepared to LEARN puppet! Please teach me! I have even gone to YouTube to 
attempt to locate some video tutorials, but alas, no luck. (I was distracted by 
45 minutes of people scaring the life out of other folks.) This list and IRC 
are my only hope to become a puppet master – I’ve even got that book, Pulling 
Strings with Puppet. I did notice a lot of advice in that book that isn’t 
really reflected in a number of examples on the net (unless I’m too slow to 
recognize the patterns). Anyway, I will stop rambling now – I think puppet is 
the future, and I am desperate to learn and understand, so feel free to refer 
me to websites, blogs, forums, amazon (book purchases!), and google (in case 
I missed an obvious search!)

Now, back to my original issue! Oh, I am on IRC, irc.freenode.org, lurking in the 
#puppet room ☺

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Users group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



RE: [Puppet Users] Hostname was not a match with the server certificate -- Arrgh!

2010-04-29 Thread Gabriel - IP Guys


-Original Message-
From: puppet-users@googlegroups.com
[mailto:puppet-us...@googlegroups.com] On Behalf Of Peter Meier
Sent: Thursday, April 29, 2010 2:16 PM
To: puppet-users@googlegroups.com
Subject: Re: [Puppet Users] Hostname was not a match with the server
certificate -- Arrgh!

> Puppet.domain.com and puppetmaster.domain.com both point to the correct
> machine. The client can connect to the server with no problem, and
> also vice versa. The firewall is relaxed sufficiently on both client
> and server for puppet to communicate. Both systems are on the same
> network switch, all other networking services work pretty much
> perfectly.

Do they both have the time synced correctly? This problem is also
often buried in this error message

cheers pete

-- 


There is NO way it is that simple!? I did notice that the time had
drifted on the VM machine (known issue for VMs), and I have put in
place my own script to fix that. The time is now in sync, but I believe
that it was not at the time of the initial configuration. Does this mean
that I have to rebuild, or can I recover from this?




Re: [Puppet Users] Hostname was not a match with the server certificate -- Arrgh!

2010-04-29 Thread Peter Meier
> Puppet.domain.com and puppetmaster.domain.com both point to the correct
> machine. The client can connect to the server with no problem, and
> also vice versa. The firewall is relaxed sufficiently on both client
> and server for puppet to communicate. Both systems are on the same
> network switch, all other networking services work pretty much
> perfectly.

Do they both have the time synced correctly? This problem is also
often buried in this error message


cheers pete




Re: [Puppet Users] Hostname was not a match with the server certificate -- Arrgh!

2010-04-29 Thread Brice Figureau
On Thu, 2010-04-29 at 12:27 +0100, Gabriel - IP Guys wrote:
> On the client
>
> Client #]  puppetd --test --trace
>
> http://pastebin.com/eft1Qmuv
>
> Full output of the command is above, last three lines,
>
> # err: Could not retrieve catalog from remote server: hostname was not
> match with the server certificate
> # warning: Not using cache on failed catalog
> # err: Could not retrieve catalog; skipping run
>
> [snip]

When the client connects to the master, it checks the server certificate
in 3 ways:
 * it should have been signed by the same CA
 * it should be valid (ie not expired)
 * the advertised server certificate CN should match the hostname used
to connect to the server (or any other subjectAltName).

When you launch puppetd, it connects to puppet.search, which usually
resolves to puppet.domain.com. If your server certificate doesn't
contain a CN and/or subjectAltName of puppet.domain.com, then this error
is thrown.

The mismatch can happen when your puppet master is in a different domain
than the client. When the master generates its server certificate it
uses:
 * its fqdn as CN
 * puppet.$domain in subjectAltName, where $domain is what the current
machine has

If $domain is different on the master and the client, the
mismatch will happen. This is always true if your master is multi-homed
and can be accessed from several networks using different domains.

In this case you need to generate the server certificate with the puppet
master name in every domain with --certdnsname.

> Now, back to my original issue! Oh, I am on IRC, irc.freenode.org,
> lurking in the #puppet room ☺

What's your nickname?
-- 
Brice Figureau
Follow the latest Puppet Community evolutions on www.planetpuppet.org!
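
The validity and name checks described in the message above, together with the clock question raised earlier in the thread, as an added example that is not part of the original thread and is not Puppet's own code. The host names, dates and the helper names `build_sample_cert` and `diagnose` are assumptions made for illustration, and the certificate is constructed in the script.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate shaped like the master
# certificate described above (CN = master fqdn, DNS names in subjectAltName).
def build_sample_cert(fqdn, dns_names, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([["CN", fqdn]])
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = dns_names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Reasons a client would reject the certificate, given the name it used
# to connect and what its own clock says. An empty list means it passes.
# The CA-signature check is left out: the sample is self-signed.
def diagnose(cert, connect_name, client_clock)
  problems = []
  problems << :not_yet_valid if client_clock < cert.not_before
  problems << :expired if client_clock > cert.not_after
  # Ruby's matcher consults the DNS subjectAltName entries when any exist,
  # and only falls back to the CN when there are none.
  unless OpenSSL::SSL.verify_certificate_identity(cert, connect_name)
    problems << :name_mismatch
  end
  problems
end

if __FILE__ == $0
  issued = Time.utc(2010, 4, 29, 12, 0, 0)
  cert = build_sample_cert("master01.dc1.example.com",
                           %w[master01.dc1.example.com puppet.dc1.example.com],
                           issued, issued + 5 * 365 * 86_400)
  p diagnose(cert, "puppet.dc1.example.com", issued + 3600)  # same domain
  p diagnose(cert, "puppet.dc2.example.com", issued + 3600)  # other domain
  p diagnose(cert, "puppet.dc1.example.com", issued - 1800)  # client clock behind
end
```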




Re: [Puppet Users] Hostname was not a match with the server certificate -- Arrgh!

2010-04-29 Thread Alan McKay
What version are you using?

I just had the same issue with a 0.23 version, and when I upgraded to
0.25 it went away.


-- 
“Don't eat anything you've ever seen advertised on TV”
 - Michael Pollan, author of In Defense of Food
