On Monday, September 1, 2014 5:57:58 PM UTC-5, Jason Oakley wrote: > > My servers were working fine, when I got this error: > Inventory > Could not retrieve facts from inventory service: SSL_connect returned=1 > errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate > revoked > > Now, everything was working fine. Due to this error, I re-created the > certificate and all was well. Then, I logged onto the Master a day or two > later and the certificate is yet again revoked. > How do I stop this? > >
Puppet does not perform automatic certificate revokations. I have personally crawled the code to check. IIRC, the last time we had a question like this one, the user eventually discovered a separate automated process in his environment that was revoking certain certificates. If you have any kind of automated process around issuing certs, then that's the first place I would look. You could also consider making your ssl/ directory and everything in it read-only (immutable, if necessary), to try to identify the rogue behavior by forcing it to error out. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/f6c5cc3b-0a38-4358-a48f-9e06aec13623%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.