Issue #17864 has been updated by Yuri Arabadji.
What if you set hostcrl to crl issued by CA? I have #17880, which is probably related to this one. ---------------------------------------- Bug #17864: puppet client requests /production/certificate_revocation_list/ca even with certificate_revocation=false https://projects.puppetlabs.com/issues/17864#change-78475 Author: Dustin Mitchell Status: Unreviewed Priority: Normal Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: >From puppet.conf: [agent] classfile = $vardir/classes.txt localconfig = $vardir/localconfig server = puppet # don't check the master's CRL; see # https://projects.puppetlabs.com/issues/14550 # for why this doesn't work with chained certs certificate_revocation = false yet, in the Apache logs, 10.12.130.18 - - [29/Nov/2012:13:15:02 -0800] "GET /production/certificate_revocation_list/ca? HTTP/1.1" 404 45 "-" "-" which was harmless enough until #4680 landed; now this request causes a failure. The client is 2.7.17, because 2.7.18 and up suffer from #15561, overly-board certificate name rejections. So this *may* have been fixed in newer clients. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to puppet-bugs@googlegroups.com. To unsubscribe from this group, send email to puppet-bugs+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.