Issue #5346 has been updated by Lance Reed. Status changed from Closed to Re-opened
so apologizes if I am being dense, but is the solution here really to do a manual delete of the signed cert file on a master if we need to rebuild / replace a host. This is something we do ALL the time. we are running into serious confusion regarding puppetca -clean -revoke and crl files blocking when a host is rebuilt. Is there a documented procedure to correctly rebuild hosts using the same name etc. I even have the crl up commented out in my passenger configs and this is causing problems. ---------------------------------------- Bug #5346: puppetca doc error https://projects.puppetlabs.com/issues/5346 Author: Ben - Status: Re-opened Priority: Normal Assignee: Category: SSL Target version: Affected Puppet version: 2.6.3 Keywords: Branch: the puppetca man page needs updating to include the new --clean behavior of revoking cert. 2.6.3 revokes w/ the --clean option $ puppetca --clean server.puppetlabs.com notice: Revoked certificate with serial 260 notice: Removing file Puppet::SSL::Certificate server.puppetlabs.com at '/var/lib/puppet/ssl/ca/signed/server.puppetlabs.com.pem' notice: Removing file Puppet::SSL::Certificate server.puppetlabs.com at '/var/lib/puppet/ssl/certs/server.puppetlabs.com.pem' The puppetca man page states This is useful when rebuilding hosts, since new certificate signing requests will only be honored if puppet cert does not have a copy of a signed certificate for that host. The certificate of the host remains valid. PS> I prefer the old behavior. The --revoke option should not be implied w/ --clean. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
