ah, please disregard. It seems I found the problem, there is a firewall that is blocking the port which I found when I tried to check the cert
# openssl s_client -connect henson.lab.nbttech.com:8140 CONNECTED(00000003) 14010:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: On Mar 15, 10:59 am, Kash <kashifsal...@gmail.com> wrote: > Hello folks, > I am getting this error on one of the clients, here's all of the > output. It was working on this client and today it stopped working. I > cleaned the cert for this client puppetmaster by "puppetca --clean > host.domain.com" and I removed the "/var/lib/puppet/ssl" directory so > it would get new certs. But I still keep getting the same error as > below. I have other clients which work just fine. > > I don't even see a request for new cert on the host (puppetca --list) > > # puppetd --test --debug --trace > > debug: Creating default schedules > debug: Failed to load library 'ldap' for feature 'ldap' > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/ > puppet/ssl]: Autorequiring File[/var/lib/puppet] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/public_keys/cam-dhcp1.lab.nbttech.com.pem]: Autorequiring > File[/var/lib/puppet/ssl/public_keys] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/certs]: Autorequiring File[/var/lib/puppet/ssl] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/csr_cam-dhcp1.lab.nbttech.com.pem]: Autorequiring File[/var/ > lib/puppet/ssl] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/ > puppet/lib]: Autorequiring File[/var/lib/puppet] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[main]/File[/var/lib/ > puppet/state]: Autorequiring File[/var/lib/puppet] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/private]: Autorequiring File[/var/lib/puppet/ssl] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/private_keys/cam-dhcp1.lab.nbttech.com.pem]: Autorequiring > File[/var/lib/puppet/ssl/private_keys] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/public_keys]: Autorequiring File[/var/lib/puppet/ssl] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[ssl]/File[/var/lib/ > puppet/ssl/private_keys]: Autorequiring File[/var/lib/puppet/ssl] > debug: /Settings[/etc/puppet/puppet.conf]/Settings[puppetd]/File[/etc/ > puppet/puppet.conf]: Autorequiring File[/etc/puppet] > debug: Finishing transaction -607037388 with 0 changes > debug: Calling puppetca.getcert > warning: peer certificate won't be verified in this SSL session > /usr/lib/ruby/1.8/puppet/network/xmlrpc/client.rb:57:in `getcert' > /usr/lib/ruby/1.8/puppet/network/client/ca.rb:26:in `request_cert' > /usr/lib/ruby/1.8/puppet/executables/client/certhandler.rb:38:in > `retrieve_cert' > /usr/lib/ruby/1.8/puppet/executables/client/certhandler.rb:27:in > `read_retrieve' > /usr/sbin/puppetd:347 > err: Could not request certificate: Certificate retrieval failed: > Certificates were not trusted: SSL_connect SYSCALL returned=5 errno=0 > state=SSLv2/v3 read server hello A -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.