How can I track down where the issue for this is? I've found some bugs and blog posts that seem to be related [1][2] and I've followed all of the instructions and checked ALL of the versions related. I'm running Ruby 1.8.7 and Puppet 2.7.9 on both sides of the equation, which appear to be "OK" versions by everyone's posting. I've got as far as doing a `puppet cert clean --all` and `puppet cert clean puppet.company.com` and regenerating. Still doesn't work. I've also followed every step on only Puppet Doc's page that I can find related entries on [3]
-Jon [1] http://projects.puppetlabs.com/issues/9084 [2] http://urgetopunt.com/puppet/2011/09/14/puppet-ruby19.html [3] http://docs.puppetlabs.com/pe/2.0/maint_common_config_errors.html#do-agents-trust-the-masters-certificate On Tue, Feb 21, 2012 at 16:56, Jon Davis <j...@snowulf.com> wrote: > I recently built, added to puppet and then nuked a server. Before I > re-added the machine (after I rebuilt it, with the same name), I went to > the puppet server and ran `puppet cert revoke dev-8.company.com` and > `puppet cert clean dev-8.company.com`. Now when puppet runs on ANY > server in my environment, they get the following error: > > info: Caching certificate for dev-8.company.com > *err: Could not retrieve catalog from remote server: SSL_connect > returned=1 errno=0 state=SSLv3 read server certificate B: certificate > verify failed. This is often because the time is out of sync on the server > or client* > warning: Not using cache on failed catalog > err: Could not retrieve catalog; skipping run > *err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 > read server certificate B: certificate verify failed. This is often > because the time is out of sync on the server or client* > > > Now I know for a fact that it isn't a time issue because the puppet server > is on NTP as are the clients. The new machine is also within 1-2 seconds > of server time. All of the clients are configured to run (via Cron) > `/usr/sbin/puppetd --onetime --no-daemonize --logdest syslog --server > puppet.company.com`. The server is named puppet-1.company.com but > puppet. is a valid cname. I've tried rebooting the puppet server, I've > tried upgrading it, just about anything I can think of. > > Any help would be greatly appreciated. > -Jon > > PS Both clients and server are running Ubuntu: > > root@puppet-1:/etc/puppet# cat /etc/lsb-release > DISTRIB_ID=Ubuntu > DISTRIB_RELEASE=11.10 > DISTRIB_CODENAME=oneiric > DISTRIB_DESCRIPTION="Ubuntu 11.10" > > root@puppet-1:/etc/puppet# uname -a > Linux puppet-1 3.0.0-16-server #28-Ubuntu SMP Fri Jan 27 18:03:45 UTC 2012 > x86_64 x86_64 x86_64 GNU/Linux > > > > -- > Jon > [[User:ShakataGaNai]] / KJ6FNQ > http://snowulf.com/ > http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai> > > -- Jon [[User:ShakataGaNai]] / KJ6FNQ http://snowulf.com/ http://www.linkedin.com/in/shakataganai <http://twitter.com/shakataganai> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
