Hi, I've got a puppet environment that's been around for nearly 5 years now, so I started getting warnings about certificate expiry:
Warning: Certificate 'Puppet CA: puppet0.example.com' will expire on 2017-12-30T02:36:41UTC Warning: Certificate 'puppet0.example.com' will expire on 2017-12-30T02:36:42UTC It's a very simple environment with only one puppetmaster, which is puppet0. So, I have the puppetlabs-certregen module and that took care of renewing the CA certificate. Now I only get: Warning: Certificate 'puppet0.example.com' will expire on 2017-12-30T02:36:42UTC on every host's agent run. I note that certregen specifically says it's not designed to deal with agent certificate renewal, so, what is the correct way to do it when we're talking about the agent that is also the puppetmaster? Searching around finds many suggestions of: # rm -vr /var/lib/puppet/ssl That doesn't seem appropriate for the host that's also the puppetmaster. I tried "puppet clean puppet0.example.com" in a test network but afterwards puppet0 couldn't regenerate its own agent certificate saying that it had been revoked, and neither could any other host's agent connect any more. What is actually the correct procedure when the host in question is also a master host? Cheers, Andy -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/20171101173232.GN3124%40bitfolk.com. For more options, visit https://groups.google.com/d/optout.
