I did some poking around and I think I found a better hint as to what may be the issue (feel free to confirm).
in /etc/puppet/auth.conf, I had: # allow nodes to request a new certificate path /certificate_request auth any method find, save allow * But the installation has "certificate_requests" (corrected). Next, I see the actual requests are being cached in: /var/lib/puppet/ssl/ca/requests which I believe is wrong for 3.x... ? There is one outstanding request in there from another machine I accessed a while ago. For sake of clarity, here is the complete content of my auth.conf file, which until recently hasn't been changed since the initial installation: path ~ ^/catalog/([^/]+)$ method find allow $1 path ~ ^/node/([^/]+)$ method find allow $1 path /certificate_revocation_list/ca method find allow * path ~ ^/report/([^/]+)$ method save allow $1 path /file allow * path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_requests auth any method find, save allow * path / auth any The auth.conf on the client: path /run auth any method save allow our.serverdomain.com path / auth any I'm going to keep looking, but I wonder if I'm close to figuring this out...... Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
