So I'm trying to use Ansible to automate the process of re-enrolling all my systems after the upgrade from 3.8.6 to 4.3, and many (though not all) of my clients are reporting thusly:
# *rpm -rf /var/lib/puppet/ssl /etc/puppet/ssl /etc/puppetlabs/puppet/ssl* # *ssh puppet puppet cert list host.internal.net* Error: Could not find a certificate for host.internal.net # *puppet agent -t --noop* Info: Creating a new SSL key for host.internal.net Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for host.internal.net Info: Certificate Request fingerprint (SHA256): 75:6A:17:... Info: Caching certificate for host.internal.net Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get local issuer certificate for /CN=puppet.internal.net] Exiting: failed to retrieve certificate and waitforcert is disabled # *ssh root@puppet puppet cert list -a | grep host.internal.net* + "host.internal.net" (SHA256) 42:AF:68:... # *puppet agent --version* 3.8.6 # I'm having success on other 3.8.6 clients and others as far back as 3.8.1. What's going on here that I'm not understanding? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6717bc33-381d-4890-90c0-a9be684dc9e5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
