DISCLAIMER: I've been using puppet for about 8 hours. Have you regenerated your ssl certificates by nuking the ssl dir *(e.g. sudo rm -rf /var/lib/puppet/ssl) and restarting puppetmaster?
On Monday, July 2, 2012 2:59:10 PM UTC+1, Lorin Hochstein wrote: > > Hello: > > I'm trying to put a puppet master on an EC2 instance, and have it be > accessible to agentes using either its EC2 DNS name (e.g., > ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com) or a friendlier alias (e.g., > puppet.example.com). > > My /etc/puppet/puppet.conf looks like: > > [master] > certname=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com > dns_alt_names=ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, > puppet.example.com,puppet > > When I try to connect to puppet.example.com, I get the following error: > > Jun 29 20:57:58 precise32 puppet-agent[1178]: Could not send report: > Server hostname 'puppet.example.com' did not match server certificate; > expected one of ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, DNS: > ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com, DNS:puppet, DNS: > puppet.example.com > > What are the possible sources for this error? It looks like it expects > puppet.example.com as a valid name, but 'puppet.example.com' isn't > matching against DNS:puppet.example.com (?) > > I'm running Puppet 2.7.11 on ubuntu precise (12.04). > > Also, is there any way for an agent to trust the puppet master using only > a certificate instead of relying on DNS? > > Lorin > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/E_YgseqmvuYJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
