quick followup… i've wiped /etc/puppet/ssl and /var/lib/puppet/ssl on the server. firing up puppetmasterd properly signs its own cert. that should give me a clean slate there, correct?
on the client, i did the same. requesting a cert with puppetd -d -v --no-daemonize --test --waitforcert 60 produces the following:

err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

so… what's cached here, and where do i resolve this? how do i regenerate the cert with the current key, and which key is it talking about here?

On Sep 4, 10:55 pm, nate <foil...@gmail.com> wrote:
> i'm testing things here and had to change the hostname of my
> puppetmaster VM. pointing a client to it generates "info: Could not
> find certificate for 'host.domain.com'" errors on the master and the
> following on the client:
>
> debug: Using cached certificate for ca
> warning: peer certificate won't be verified in this SSL session
>
> puppetmaster is running centos 5.4 with puppet 0.25.5. the client
> right now is os x running puppet 2.6, but i have the same issues with
> another centos VM and 0.25.5.
>
> so i tarred up the /var/puppet directory on the client, recreated it,
> successfully requested a cert again, signed it on the master, then got
> the following from the client:
>
> debug: OpenSSL: Error(19): self signed certificate in certificate chain
> debug: OpenSSL: Cert: /CN=ca
> /Library/Ruby/Site/1.8/puppet/network/http_pool.rb:68: [BUG] Segmentation fault
> ruby 1.8.7 (2009-06-12 patchlevel 174) [universal-darwin10.0]
>
> on the master, i'm getting webrick errors like so:
>
> [2010-09-04 22:51:07] DEBUG close: 10.11.10.99:50292
> [2010-09-04 22:51:08] DEBUG accept: 10.11.10.99:50293
> [2010-09-04 22:51:09] ERROR OpenSSL::SSL::SSLError:
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `accept'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:44:in `listen'
> /usr/lib/ruby/1.8/webrick/server.rb:173:in `call'
> /usr/lib/ruby/1.8/webrick/server.rb:173:in `start_thread'
> /usr/lib/ruby/1.8/webrick/server.rb:162:in `start'
> /usr/lib/ruby/1.8/webrick/server.rb:162:in `start_thread'
> /usr/lib/ruby/1.8/webrick/server.rb:95:in `start'
> /usr/lib/ruby/1.8/webrick/server.rb:92:in `each'
> /usr/lib/ruby/1.8/webrick/server.rb:92:in `start'
> /usr/lib/ruby/1.8/webrick/server.rb:23:in `start'
> /usr/lib/ruby/1.8/webrick/server.rb:82:in `start'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:42:in `listen'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `initialize'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `new'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:41:in `listen'
> /usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/http/webrick.rb:38:in `listen'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:131:in `listen'
> /usr/lib/ruby/site_ruby/1.8/puppet/network/server.rb:146:in `start'
> /usr/lib/ru
>
> after the hostname change, what's the best way to wipe the slate
> clean?
> the setup has worked for me recently. i'd just like to get back
> to a working state. thanks for any help.