Hello Morgan, If you are refferring to the cert being in the conf/ssl/certs folder, then yes, our.puppet.domain.pem is in the folder. When running the 'puppet cert list --all' I see three certificates (in the SHA256 format):
- computername.our.puppet.domain - our.puppet.domain - servername.our.puppet.domain If it is a DNS issue, do I have to likely change something from the docker-compose side? On Thursday, October 18, 2018 at 2:14:54 PM UTC-7, Morgan Rhodes wrote: > > Hi Rohit, > > Is the hostname from `/CN=our.puppet.domain` showing up in your > puppetserver's certificate? You can verify that with `puppet cert list > --all` on the puppetserver container. This looks like a DNS issue. > > On Thursday, October 18, 2018 at 11:41:16 AM UTC-7, Rohit wrote: >> >> Hello, we currently have a puppet docker container setup and are >> experiencing certificate issues. Basically, in our docker setup (on our >> main server) I had generated and signed new certificates, but the puppet_db >> container keeps restarting. Here are logs from the puppet_db container: >> >> ‘Error: Could not retrieve catalog from remote server: SSL_connect >> returned=1 errno=0 state=error: certificate verify failed: [unable to get >> local issuer certificate for /CN=our.puppet.domain] >> Error: Could not retrieve catalog; skipping run >> Error: Could not send report: SSL_connect returned=1 errno=0 >> state=error: certificate verify failed: [unable to get local issuer >> certificate for /CN=our.puppet.domain]’ >> >> I have tried series of steps to solve this problem as it looks like >> Puppet is not functioning correctly as our servers are not properly >> listening to the host server. Any idea what I can do to solve this problem? >> For reference, we are running Puppet_DB version 4.2 and Puppet Server >> version 2.7.2, all of which is set up on a docker container environment on >> one server. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/899d2bf7-ceed-4d9e-bd24-c4ba2cc93928%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
