Hello, all.

Let's say I authenticate a server, which we'll call apt.example.com,
against my puppet master at puppet.example.com. All goes well; it's
peachy. Then, apt.example.com dies and I have to authenticate a _new_
apt.example.com against the puppet master.

root@apt:~# puppet agent --test --noop
info: Creating a new SSL key for apt.example.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for apt.example.com
err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key
Exiting; failed to retrieve certificate and waitforcert is disabled


Not entirely unexpected. So,

root@puppet:~# puppet cert --revoke apt.example.com
notice: Revoked certificate with serial 3


but then,

root@apt:~# puppet agent --test --noop
err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key
Exiting; failed to retrieve certificate and waitforcert is disabled


as such,

root@apt:~# puppet agent --test --noop
info: Creating a new SSL key for apt.example.com
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for apt.example.com
err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key
Exiting; failed to retrieve certificate and waitforcert is disabled


Absolute madness. I can delete the contents of puppet master's ssldir and
everything works, but that brings my cluster back to null and I cannot do
that. How do I actually revoke a faulty certificate?

root@apt:~# cat /etc/debian_version
6.0.2
root@apt:~# puppet --version
2.7.1


-- 
Brian L. Troutwine
