Re: [Puppet Users] Re-enrolling clients after major version upgrade

2016-06-14 Thread Bret Wortman
Well, I _thought_ it helped. Many systems are connecting fine, others are still getting a different ca.pem file. I suspect for some reason the server is getting its copy overwritten somehow. I'm going to keep an eye on it now.

On Tuesday, June 14, 2016 at 10:07:13 AM UTC-4, Bret Wortman wrote:
>

Re: [Puppet Users] Re-enrolling clients after major version upgrade

2016-06-14 Thread Bret Wortman
I did the following (which I'd done before) and it seems to have helped:

# puppet resource service puppetserver ensure=stopped
# rm -rf /etc/puppetlabs/puppet/ssl
# puppet cert list -a
# puppet master --no-daemonize --verbose
^C
# puppet resource service puppetserver ensure=running
#

On Tuesday

Re: [Puppet Users] Re-enrolling clients after major version upgrade

2016-06-14 Thread Christopher Wood
To your specific issue, it looks like your agent's CA cert doesn't match the issuer of the new puppetmaster's CA cert ("unable to get local issuer certificate"). If I recall correctly, an agent without a CA cert will download one from the puppetmaster the first time and thereafter check it. You
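The check implied by the reply above, as an added example that is not part of the original thread: it classifies an agent's cached CA certificate against the master's current one, where a mismatch is the condition that produces "unable to get local issuer certificate". The function names and the `<ssldir>/certs/ca.pem` location are assumptions of this sketch; it needs the `openssl` CLI.

```shell
#!/bin/sh
# Added example (not from the thread): detect agents that still hold a CA
# certificate from before the master's ssl directory was regenerated.
# Assumption: the agent caches the CA cert at <ssldir>/certs/ca.pem.

# Print the SHA-256 fingerprint of a PEM certificate (empty if unreadable).
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_agent_ca <agent_ssldir> <master_ca_pem>
# Prints and returns:
#   match   (0) cached CA is the master's current CA
#   missing (1) no cached CA; the agent fetches one on its first connection
#   stale   (2) cached CA differs; the master's certificate will not verify
#   error   (3) a certificate could not be parsed
check_agent_ca() {
    agent_ca="$1/certs/ca.pem"
    want=$(cert_fp "$2")
    if [ -z "$want" ]; then echo error; return 3; fi
    if [ ! -f "$agent_ca" ]; then echo missing; return 1; fi
    have=$(cert_fp "$agent_ca")
    if [ -z "$have" ]; then echo error; return 3; fi
    if [ "$have" = "$want" ]; then echo match; return 0; fi
    echo stale
    return 2
}
```

Running it per host with a known-good copy of the master's CA certificate separates agents that need their ssl directory cleared from those that are already correct.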

[Puppet Users] Re-enrolling clients after major version upgrade

2016-06-14 Thread Bret Wortman
So I'm trying to use Ansible to automate the process of re-enrolling all my systems after the upgrade from 3.8.6 to 4.3, and many (though not all) of my clients are reporting thusly:

# *rm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl*
# *ssh puppet puppet cert list host.in