On Thu, Jan 13, 2011 at 12:20 PM, Wesley Wu <wesley.q...@gmail.com> wrote:
> Just installed Puppet 2.6.4 on Ubuntu 10.10
>
> I was trying to restart the puppet agent but got the following error
> and the agent didn't run:
>
> $ sudo puppetd --server server.domain.com --waitforcert 60 --test
> err: Could not retrieve catalog from remote server: SSL_connect
> returned=1 errno=0 state=SSLv3 read server certificate B: certificate
> verify failed
> warning: Not using cache on failed catalog
> err: Could not retrieve catalog; skipping run
>
> I have the puppet master running on "server.domain.com"

Time was already mentioned, so the next thing to check is a hostname
mismatch between what the client thinks its name is (server.domain.com)
and what the master thinks its hostname is.

To check this, please run facter fqdn on the puppet master and let us
know your results.

The puppet master generates an SSL certificate containing three
hostnames.  These are:

1: the results of "facter fqdn"
2: puppet.`facter domain`
3: puppet

So, on my test machine facter fqdn returns test.puppetlabs.vm and
facter domain returns puppetlabs.vm.  The names in the resulting
certificate are test.puppetlabs.vm, puppet.puppetlabs.vm and puppet.

If the agent uses any name other than those three, you'll get a
certificate verification error.

To fix the problem you could also add additional names to the
generated certificate.  Blow away the bad SSL certificate and try:

puppet master --certdnsnames server:server.domain.com


Hope this helps,
--
Jeff McCune
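
The name check described in the message above, as an added example that is not part of the original post. It assumes the certificate's names appear as DNS entries in the subjectAltName section of `openssl x509 -noout -text` output; the function names, the sample certificate text and the certificate path are constructed or hypothetical.

```shell
#!/bin/sh
# Added example: does the name passed to --server appear in the master's cert?

# expected_names FQDN DOMAIN
# Prints the three names the message says the master puts in its certificate.
expected_names() {
    printf '%s\n' "$1" "puppet.$2" "puppet"
}

# san_names: reads `openssl x509 -noout -text` output on stdin and prints one
# DNS name per line (assumption: names are listed as subjectAltName DNS entries).
san_names() {
    grep 'DNS:' | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# name_allowed NAME: succeeds if NAME equals one of the names on stdin.
# Exact, case-insensitive comparison; wildcard entries are not expanded.
name_allowed() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    tr 'A-Z' 'a-z' | grep -Fqx -- "$want"
}

# check_server NAME: certificate text on stdin; reports match or mismatch.
check_server() {
    if san_names | name_allowed "$1"; then
        echo "ok: $1 is in the certificate"
    else
        echo "MISMATCH: $1 is not in the certificate"
        return 1
    fi
}

# Constructed sample, modelled on the test machine named in the message.
SAMPLE_CERT_TEXT='            X509v3 Subject Alternative Name:
                DNS:puppet, DNS:test.puppetlabs.vm, DNS:puppet.puppetlabs.vm'

# Demo: the agent's --server value against the sample certificate.
for name in puppet.puppetlabs.vm server.domain.com; do
    printf '%s\n' "$SAMPLE_CERT_TEXT" | check_server "$name" || true
done

# Against a real certificate (path is a placeholder):
#   openssl x509 -noout -text -in /path/to/master-cert.pem | check_server server.domain.com
```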
