I did some poking around and I think I found a better hint as to what may be the issue (feel free to confirm).
in /etc/puppet/auth.conf, I had: # allow nodes to request a new certificate path /certificate_request auth any method find, save allow * But the installation has "certificate_requests" (corrected). Next, I see the actual requests are being cached in: /var/lib/puppet/ssl/ca/requests which I believe is wrong for 3.x... ? There is one outstanding request in there from another machine I accessed a while ago. For sake of clarity, here is the complete content of my auth.conf file, which until recently hasn't been changed since the initial installation: path ~ ^/catalog/([^/]+)$ method find allow $1 path ~ ^/node/([^/]+)$ method find allow $1 path /certificate_revocation_list/ca method find allow * path ~ ^/report/([^/]+)$ method save allow $1 path /file allow * path /certificate/ca auth any method find allow * path /certificate/ auth any method find allow * path /certificate_requests auth any method find, save allow * path / auth any The auth.conf on the client: path /run auth any method save allow our.serverdomain.com path / auth any I'm going to keep looking, but I wonder if I'm close to figuring this out...... Thanks. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
