On Thu, Sep 30, 2010 at 6:20 AM, Daniel Maher <[email protected]> wrote:
> I removed /var/lib/puppet/ssl/certs/<puppetmaster_fqdn>.pem , then ran
> puppetd with --waitforcert <puppetmaster_fqdn>. Unfortunately, when I run a
> puppetca --list --all , <puppetmaster_fqdn> is not listed, even though there
> is very clearly a request pem in /var/lib/puppet/ssl/certificate_requests .

So first back up your ssl dir, then try the following commands:

    puppetca --clean <puppetmaster_fqdn>
    puppetca --generate <puppetmaster_fqdn> --certdnsname="puppet;puppetmaster"

In certdnsname, provide a list of DNS CNAMEs for the puppet master, and include puppet for convenience.

> Executing puppetca --clean <puppetmaster_fqdn> removes the private key (as
> expected), but does not change the error condition. I also tried puppetca
> --revoke <puppetmaster_fqdn> ; no change.

This will add a few more wrinkles. Once the certificate is generated, it will list as revoked:

    # puppet cert --list --all
    - <puppetmaster_fqdn> (D7:B1:1B:33:80:51:2C:11:24:C5:EF:CE:92:04:4A:24) (certificate revoked)

If you have a backup of the certificate revocation list, restore it. I don't know the command to undo a single revoke offhand.

Thanks,

Nan
