Hi Martin,

Thanks for the details.
After this post, I realized that the server certificate is expired and needs renewal.
When I opened this post I was under the assumption that the certificate on the client was the problem.
Planning to upgrade and renew the certificate on the server and re-register the clients.

On Saturday, July 20, 2019 at 3:41:29 PM UTC+5:30, Martin Alfke wrote:
>
> Hi Veera, 
>
> Puppet Server process generates a CA upon first start. 
> The CA will be put into place with a default validity of 5 years. 
>
> You can verify the CA using openssl default commands to read CA 
> information in human readable format. 
>
> Besides this: Puppet 2.7 is super outdated; you should consider upgrading 
> Puppet on a fresh server, which will then have a new CA with new validity. 
>
> Best, 
> Martin 
>
>
> > On 19. Jul 2019, at 06:52, Veera Mani <svee...@gmail.com> wrote: 
> > 
> > Hi, 
> > 
> > I am running puppet-server-2.7.25-1.el5 and puppet-2.7.20-1.el6.rf.noarch clients. 
> > 
> > A puppet client which has been running for more than 5 years was rebuilt, and while adding the server to the puppet infrastructure again, we are facing the below error. 
> > The client was properly removed from the master before it was rebuilt. 
> > But still, while adding the server back, the error occurs. 
> > 
> > Running on Jul 19 .. 
> > 
> > [root@client1 setup]# puppet agent --server wfpuppet.example.com --waitforcert 60 --test 
> > info: Creating a new SSL key for client1.example.com 
> > info: Caching certificate for ca 
> > info: Creating a new SSL certificate request for client1.example.com 
> > info: Certificate Request fingerprint (md5): CE:73:92:B6:37:76:52:57:45:86:C5:D8:68:22:3F:A0 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Caching certificate for ca 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Caching certificate for ca 
> > info: Caching certificate for client1.example.com 
> > info: Retrieving plugin 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at 
> > 
> > ................... Truncated ...................................... 
> > 
> > err: Could not retrieve catalog from remote server: Thread(#<Thread:0x7f275f7ca370 run>) not locked. 
> > warning: Not using cache on failed catalog 
> > err: Could not retrieve catalog; skipping run 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > info: Not using expired certificate for ca from cache; expired at Tue Jul 16 19:12:20 UTC 2019 
> > 
> > ....................Truncated ................................ 
> > err: Could not request certificate: stack level too deep 
> > 
> > 
> > The configuration remains the same as in any client which is working fine. Still facing the error? 
> > Is puppet master caching the expired certificate from cache? 
> > 
> > "expired certificate for ca from cache;" 
> > 
> > I have followed the below puppet docs: 
> > 
> > https://ask.puppet.com/question/16111/how-to-renew-expired-puppetmaster-certificates/
> > https://ask.puppet.com/question/32858/warning-certificate-puppet-ca-will-expire-on-how-to-renew-certificates-on-302/
> > 

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0de09581-8925-43c0-9885-097f0fd60069%40googlegroups.com.
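
Added example, not part of the original thread: one way to do the openssl check Martin describes, reading a CA certificate's validity dates and classifying it before agents start logging "Not using expired certificate for ca". The function names, file names and the throwaway CA are constructed for illustration; point `ca_status` at the real CA certificate on the Puppet server, whose path is site-specific.

```shell
#!/bin/sh
# Added example: inspect a CA certificate's validity window with openssl.
set -u

# make_sample_ca DIR DAYS: build a throwaway self-signed CA valid for DAYS days.
# Constructed sample data standing in for the Puppet CA certificate.
make_sample_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=sample-ca.example.invalid" \
        -keyout "$1/ca_key.pem" -out "$1/ca_crt.pem" 2>/dev/null
}

# ca_dates CERT: print subject, notBefore and notAfter in human-readable form.
ca_dates() {
    openssl x509 -in "$1" -noout -subject -dates
}

# ca_status CERT WARN_DAYS: echo UNREADABLE, EXPIRED, EXPIRING or OK.
ca_status() {
    # A missing or unparsable file must not be reported as "expired".
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo UNREADABLE
        return 2
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Demonstration on a constructed 30-day CA.
demo_dir=$(mktemp -d)
make_sample_ca "$demo_dir" 30
ca_dates "$demo_dir/ca_crt.pem"
ca_status "$demo_dir/ca_crt.pem" 7     # more than 7 days left
ca_status "$demo_dir/ca_crt.pem" 90    # fewer than 90 days left
rm -rf "$demo_dir"
```

Run from cron with a warning window longer than the time needed to plan a CA renewal, so the expiry is caught on the server before a rebuilt client hits it.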
