On Monday, September 1, 2014 5:57:58 PM UTC-5, Jason Oakley wrote: > > My servers were working fine, when I got this error: > Inventory > Could not retrieve facts from inventory service: SSL_connect returned=1 > errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate > revoked > > Now, everything was working fine. Due to this error, I re-created the > certificate and all was well. Then, I logged onto the Master a day or two > later and the certificate is yet again revoked. > How do I stop this? > >
Puppet does not perform automatic certificate revokations. I have personally crawled the code to check. IIRC, the last time we had a question like this one, the user eventually discovered a separate automated process in his environment that was revoking certain certificates. If you have any kind of automated process around issuing certs, then that's the first place I would look. You could also consider making your ssl/ directory and everything in it read-only (immutable, if necessary), to try to identify the rogue behavior by forcing it to error out. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f6c5cc3b-0a38-4358-a48f-9e06aec13623%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
