Issue #1525 has been updated by micah.
I have had a similar problem using nginx, new nodes aren't able to get a CSR properly and in order to get them setup, I will kill nginx and the mongrels and instead run puppetmaster --no-daemonize -v and then run the node to get the certificate setup, puppetca it and then once everything is set, re-run the mongrels and nginx. I'd like to switch back to apache/mongrel to see if this changes anything. ---------------------------------------- Bug #1525: local host fails to sync with mongrel/apache2 http://reductivelabs.com/redmine/issues/show/1525 Author: madduck Status: Unreviewed Priority: Normal Assigned to: Category: Target version: Complexity: Unknown Affected version: 0.24.4 Keywords: After switching to mongrel (and recreating the certificate for the local puppetd), the local puppetd won't sync with puppet anymore: err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: tlsv1 alert decrypt error All other hosts connecting via the network work fine. It was suggested on IRC to comment SSLCARevocationFile in the apache2 config, but this did not make the problem go away. `openssl s_client -connect puppetmaster.madduck.net:8140` doesn't output anything different when run locally. `openssl crl -in /var/lib/puppet/ssl/ca/ca_crl.pem -text` seems happy. `openssl x509 -in /var/lib/puppet/ssl/certs/vera.madduck.net.pem` also seems happy. An strace file of the puppetd run is attached. Local puppet.conf is: [puppetd] server=puppetmaster.madduck.net [puppetmasterd] certname=puppetmaster.madduck.net ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
