Issue #16657 has been updated by Rob Nelson.
I see the same error in PE 3.2.4 (3.0.1):
<pre>[root@puppetmaster ~]# puppet cert revoke server01 --debug --trace
Debug: Failed to load library 'selinux' for feature 'selinux'
Debug: Using settings: adding file resource 'confdir':
'File[/etc/puppetlabs/puppet]{:path=>"/etc/puppetlabs/puppet",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'vardir':
'File[/var/opt/lib/pe-puppet]{:path=>"/var/opt/lib/pe-puppet",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderLdap: true value when expecting false
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport
does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
Debug: /User[pe-puppet]: Provider useradd does not support features libuser;
not managing attribute forcelocal
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
Debug: /Group[pe-puppet]: Provider groupadd does not support features libuser;
not managing attribute forcelocal
Debug: Using settings: adding file resource 'logdir':
'File[/var/log/pe-puppet]{:path=>"/var/log/pe-puppet", :mode=>"750",
:owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'statedir':
'File[/var/opt/lib/pe-puppet/state]{:path=>"/var/opt/lib/pe-puppet/state",
:mode=>"1755", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'rundir':
'File[/var/run/pe-puppet]{:path=>"/var/run/pe-puppet", :mode=>"755",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'libdir':
'File[/var/opt/lib/pe-puppet/lib]{:path=>"/var/opt/lib/pe-puppet/lib",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hiera_config':
'File[/etc/puppetlabs/puppet/hiera.yaml]{:path=>"/etc/puppetlabs/puppet/hiera.yaml",
:ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'certdir':
'File[/etc/puppetlabs/puppet/ssl/certs]{:path=>"/etc/puppetlabs/puppet/ssl/certs",
:owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'ssldir':
'File[/etc/puppetlabs/puppet/ssl]{:path=>"/etc/puppetlabs/puppet/ssl",
:mode=>"771", :owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'publickeydir':
'File[/etc/puppetlabs/puppet/ssl/public_keys]{:path=>"/etc/puppetlabs/puppet/ssl/public_keys",
:owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'requestdir':
'File[/etc/puppetlabs/puppet/ssl/certificate_requests]{:path=>"/etc/puppetlabs/puppet/ssl/certificate_requests",
:owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'privatekeydir':
'File[/etc/puppetlabs/puppet/ssl/private_keys]{:path=>"/etc/puppetlabs/puppet/ssl/private_keys",
:mode=>"750", :owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'privatedir':
'File[/etc/puppetlabs/puppet/ssl/private]{:path=>"/etc/puppetlabs/puppet/ssl/private",
:mode=>"750", :owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostcert':
'File[/etc/puppetlabs/puppet/ssl/certs/puppetmaster.nelson.va.pem]{:path=>"/etc/puppetlabs/puppet/ssl/certs/puppetmaster.nelson.va.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostprivkey':
'File[/etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.nelson.va.pem]{:path=>"/etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.nelson.va.pem",
:mode=>"600", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostpubkey':
'File[/etc/puppetlabs/puppet/ssl/public_keys/puppetmaster.nelson.va.pem]{:path=>"/etc/puppetlabs/puppet/ssl/public_keys/puppetmaster.nelson.va.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'localcacert':
'File[/etc/puppetlabs/puppet/ssl/certs/ca.pem]{:path=>"/etc/puppetlabs/puppet/ssl/certs/ca.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostcrl':
'File[/etc/puppetlabs/puppet/ssl/crl.pem]{:path=>"/etc/puppetlabs/puppet/ssl/crl.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cadir':
'File[/etc/puppetlabs/puppet/ssl/ca]{:path=>"/etc/puppetlabs/puppet/ssl/ca",
:mode=>"770", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cacert':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem",
:mode=>"660", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cakey':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_key.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_key.pem",
:mode=>"660", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'capub':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem",
:owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cacrl':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem",
:mode=>"664", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'caprivatedir':
'File[/etc/puppetlabs/puppet/ssl/ca/private]{:path=>"/etc/puppetlabs/puppet/ssl/ca/private",
:mode=>"770", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'csrdir':
'File[/etc/puppetlabs/puppet/ssl/ca/requests]{:path=>"/etc/puppetlabs/puppet/ssl/ca/requests",
:owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'signeddir':
'File[/etc/puppetlabs/puppet/ssl/ca/signed]{:path=>"/etc/puppetlabs/puppet/ssl/ca/signed",
:mode=>"770", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'capass':
'File[/etc/puppetlabs/puppet/ssl/ca/private/ca.pass]{:path=>"/etc/puppetlabs/puppet/ssl/ca/private/ca.pass",
:mode=>"660", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'serial':
'File[/etc/puppetlabs/puppet/ssl/ca/serial]{:path=>"/etc/puppetlabs/puppet/ssl/ca/serial",
:mode=>"644", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cert_inventory':
'File[/etc/puppetlabs/puppet/ssl/ca/inventory.txt]{:path=>"/etc/puppetlabs/puppet/ssl/ca/inventory.txt",
:mode=>"644", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: /File[/var/opt/lib/pe-puppet/state]: Autorequiring
File[/var/opt/lib/pe-puppet]
Debug: /File[/var/opt/lib/pe-puppet/lib]: Autorequiring
File[/var/opt/lib/pe-puppet]
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]: Autorequiring
File[/etc/puppetlabs/puppet]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl]: Autorequiring
File[/etc/puppetlabs/puppet]
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/private]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs/puppetmaster.nelson.va.pem]:
Autorequiring File[/etc/puppetlabs/puppet/ssl/certs]
Debug:
/File[/etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.nelson.va.pem]:
Autorequiring File[/etc/puppetlabs/puppet/ssl/private_keys]
Debug:
/File[/etc/puppetlabs/puppet/ssl/public_keys/puppetmaster.nelson.va.pem]:
Autorequiring File[/etc/puppetlabs/puppet/ssl/public_keys]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs/ca.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/certs]
Debug: /File[/etc/puppetlabs/puppet/ssl/crl.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_key.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/private]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/requests]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/signed]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/private/ca.pass]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca/private]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/serial]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/inventory.txt]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: Finishing transaction 10322740
Error: Could not find a serial number for server01
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority.rb:256:in
`revoke'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:22:in
`block in apply'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:21:in
`each'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:21:in
`apply'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority.rb:76:in
`apply'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application/cert.rb:188:in `main'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:372:in `run_command'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `block (2
levels) in run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:456:in `plugin_hook'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `block in run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util.rb:504:in `exit_on_fail'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/command_line.rb:132:in `run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/command_line.rb:86:in `execute'
/opt/puppet/bin/puppet:4:in `<main>'
[root@puppetmaster ~]# puppet cert clean server01 --debug --trace
Debug: Failed to load library 'selinux' for feature 'selinux'
Debug: Using settings: adding file resource 'confdir':
'File[/etc/puppetlabs/puppet]{:path=>"/etc/puppetlabs/puppet",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'vardir':
'File[/var/opt/lib/pe-puppet]{:path=>"/var/opt/lib/pe-puppet",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Puppet::Type::User::ProviderPw: file pw does not exist
Debug: Puppet::Type::User::ProviderLdap: true value when expecting false
Debug: Puppet::Type::User::ProviderDirectoryservice: file /usr/bin/dsimport
does not exist
Debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not exist
Debug: /User[pe-puppet]: Provider useradd does not support features libuser;
not managing attribute forcelocal
Debug: Puppet::Type::Group::ProviderPw: file pw does not exist
Debug: Puppet::Type::Group::ProviderLdap: true value when expecting false
Debug: Puppet::Type::Group::ProviderDirectoryservice: file /usr/bin/dscl does
not exist
Debug: /Group[pe-puppet]: Provider groupadd does not support features libuser;
not managing attribute forcelocal
Debug: Using settings: adding file resource 'logdir':
'File[/var/log/pe-puppet]{:path=>"/var/log/pe-puppet", :mode=>"750",
:owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'statedir':
'File[/var/opt/lib/pe-puppet/state]{:path=>"/var/opt/lib/pe-puppet/state",
:mode=>"1755", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'rundir':
'File[/var/run/pe-puppet]{:path=>"/var/run/pe-puppet", :mode=>"755",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'libdir':
'File[/var/opt/lib/pe-puppet/lib]{:path=>"/var/opt/lib/pe-puppet/lib",
:ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hiera_config':
'File[/etc/puppetlabs/puppet/hiera.yaml]{:path=>"/etc/puppetlabs/puppet/hiera.yaml",
:ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'certdir':
'File[/etc/puppetlabs/puppet/ssl/certs]{:path=>"/etc/puppetlabs/puppet/ssl/certs",
:owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'ssldir':
'File[/etc/puppetlabs/puppet/ssl]{:path=>"/etc/puppetlabs/puppet/ssl",
:mode=>"771", :owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'publickeydir':
'File[/etc/puppetlabs/puppet/ssl/public_keys]{:path=>"/etc/puppetlabs/puppet/ssl/public_keys",
:owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'requestdir':
'File[/etc/puppetlabs/puppet/ssl/certificate_requests]{:path=>"/etc/puppetlabs/puppet/ssl/certificate_requests",
:owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow,
:backup=>false}'
Debug: Using settings: adding file resource 'privatekeydir':
'File[/etc/puppetlabs/puppet/ssl/private_keys]{:path=>"/etc/puppetlabs/puppet/ssl/private_keys",
:mode=>"750", :owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'privatedir':
'File[/etc/puppetlabs/puppet/ssl/private]{:path=>"/etc/puppetlabs/puppet/ssl/private",
:mode=>"750", :owner=>"pe-puppet", :ensure=>:directory, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostcert':
'File[/etc/puppetlabs/puppet/ssl/certs/puppetmaster.nelson.va.pem]{:path=>"/etc/puppetlabs/puppet/ssl/certs/puppetmaster.nelson.va.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostprivkey':
'File[/etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.nelson.va.pem]{:path=>"/etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.nelson.va.pem",
:mode=>"600", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostpubkey':
'File[/etc/puppetlabs/puppet/ssl/public_keys/puppetmaster.nelson.va.pem]{:path=>"/etc/puppetlabs/puppet/ssl/public_keys/puppetmaster.nelson.va.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'localcacert':
'File[/etc/puppetlabs/puppet/ssl/certs/ca.pem]{:path=>"/etc/puppetlabs/puppet/ssl/certs/ca.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'hostcrl':
'File[/etc/puppetlabs/puppet/ssl/crl.pem]{:path=>"/etc/puppetlabs/puppet/ssl/crl.pem",
:mode=>"644", :owner=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cadir':
'File[/etc/puppetlabs/puppet/ssl/ca]{:path=>"/etc/puppetlabs/puppet/ssl/ca",
:mode=>"770", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cacert':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem",
:mode=>"660", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cakey':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_key.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_key.pem",
:mode=>"660", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'capub':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem",
:owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file, :loglevel=>:debug,
:links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cacrl':
'File[/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem]{:path=>"/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem",
:mode=>"664", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'caprivatedir':
'File[/etc/puppetlabs/puppet/ssl/ca/private]{:path=>"/etc/puppetlabs/puppet/ssl/ca/private",
:mode=>"770", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'csrdir':
'File[/etc/puppetlabs/puppet/ssl/ca/requests]{:path=>"/etc/puppetlabs/puppet/ssl/ca/requests",
:owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'signeddir':
'File[/etc/puppetlabs/puppet/ssl/ca/signed]{:path=>"/etc/puppetlabs/puppet/ssl/ca/signed",
:mode=>"770", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:directory,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'capass':
'File[/etc/puppetlabs/puppet/ssl/ca/private/ca.pass]{:path=>"/etc/puppetlabs/puppet/ssl/ca/private/ca.pass",
:mode=>"660", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'serial':
'File[/etc/puppetlabs/puppet/ssl/ca/serial]{:path=>"/etc/puppetlabs/puppet/ssl/ca/serial",
:mode=>"644", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: Using settings: adding file resource 'cert_inventory':
'File[/etc/puppetlabs/puppet/ssl/ca/inventory.txt]{:path=>"/etc/puppetlabs/puppet/ssl/ca/inventory.txt",
:mode=>"644", :owner=>"pe-puppet", :group=>"pe-puppet", :ensure=>:file,
:loglevel=>:debug, :links=>:follow, :backup=>false}'
Debug: /File[/var/opt/lib/pe-puppet/state]: Autorequiring
File[/var/opt/lib/pe-puppet]
Debug: /File[/var/opt/lib/pe-puppet/lib]: Autorequiring
File[/var/opt/lib/pe-puppet]
Debug: /File[/etc/puppetlabs/puppet/hiera.yaml]: Autorequiring
File[/etc/puppetlabs/puppet]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl]: Autorequiring
File[/etc/puppetlabs/puppet]
Debug: /File[/etc/puppetlabs/puppet/ssl/public_keys]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/certificate_requests]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/private_keys]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/private]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs/puppetmaster.nelson.va.pem]:
Autorequiring File[/etc/puppetlabs/puppet/ssl/certs]
Debug:
/File[/etc/puppetlabs/puppet/ssl/private_keys/puppetmaster.nelson.va.pem]:
Autorequiring File[/etc/puppetlabs/puppet/ssl/private_keys]
Debug:
/File[/etc/puppetlabs/puppet/ssl/public_keys/puppetmaster.nelson.va.pem]:
Autorequiring File[/etc/puppetlabs/puppet/ssl/public_keys]
Debug: /File[/etc/puppetlabs/puppet/ssl/certs/ca.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/certs]
Debug: /File[/etc/puppetlabs/puppet/ssl/crl.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca]: Autorequiring
File[/etc/puppetlabs/puppet/ssl]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_key.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/private]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/requests]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/signed]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/private/ca.pass]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca/private]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/serial]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: /File[/etc/puppetlabs/puppet/ssl/ca/inventory.txt]: Autorequiring
File[/etc/puppetlabs/puppet/ssl/ca]
Debug: Finishing transaction 28576860
Debug: Using cached certificate for ca
Debug: Using cached certificate_revocation_list for ca
Error: Could not find a serial number for server01
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority.rb:256:in
`revoke'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:22:in
`block in apply'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:21:in
`each'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority/interface.rb:21:in
`apply'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/ssl/certificate_authority.rb:76:in
`apply'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application/cert.rb:187:in `main'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:372:in `run_command'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `block (2
levels) in run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:456:in `plugin_hook'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `block in run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util.rb:504:in `exit_on_fail'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/application.rb:364:in `run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/command_line.rb:132:in `run'
/opt/puppet/lib/ruby/site_ruby/1.9.1/puppet/util/command_line.rb:86:in `execute'
/opt/puppet/bin/puppet:4:in `<main>'
[root@puppetmaster ~]# puppet --version
3.2.4 (Puppet Enterprise 3.0.1)</pre>
----------------------------------------
Bug #16657: puppet cert clean does not work for CSRs with DNS alt names
https://projects.puppetlabs.com/issues/16657#change-98770
* Author: Ruth Linehan
* Status: Accepted
* Priority: Normal
* Assignee: eric sorenson
* Category: SSL
* Target version: 3.x
* Affected Puppet version: 2.7.19
* Keywords:
* Branch:
----------------------------------------
On my puppet master on 2.7.19 (PE 2.6.0), if I try to run ``puppet cert clean``
on a pending CSR with DNS alt names I get the error
err: Could not call revoke: Could not find a serial number for node01
Could not find a serial number for node01
On 2.7.12 (PE 2.5.2) I got the same error, but it would still remove the CSR:
err: Could not call revoke: Could not find a serial number for node01
notice: Removing file Puppet::SSL::CertificateRequest node01 at
'/etc/puppetlabs/puppet/ssl/ca/requests/node01.pem'
This only happens with If it is signed first, then it can be cleaned.
Furthermore, (thanks nfagerlund for this) it works fine if the CSR was
submitted by a puppet agent process
using the same ssldir as the puppet master, but it blows up if the CSR came
from a different node.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/groups/opt_out.
