Hi everyone,

I have a question: Is the puppetserver expected to honor the srv
records to find the puppet ca server? We have the problem that since
switching our puppet server detection from explicit settings in the
puppet.conf file to srv records, we cannot remove certificates from
puppetserver any more and get the following error:

root@<puppetmaster>:~# puppetserver ca clean --certname <some-client>
[... long delay ...]
Fatal error when running action 'clean'
  Error: Failed connecting to
https://puppet:8140/puppet-ca/v1/certificate_status/
  Root cause: execution expired

We use a non-standard name for our puppet/puppetca host, and have that
correctly set up (I hope so) in the DNS:

# dig +short -t SRV _x-puppet-ca._tcp.<our-domain>
10 0 8140 <our puppet-ca-server>.

The relevant puppet config looks like this:

# grep -e ^\\[ -e srv -e ca /etc/puppetlabs/puppet/puppet.conf
[main]
    srv_domain = mip-platform.net
    use_srv_records = true
    vardir = /opt/puppetlabs/puppet/cache
[agent]
    localconfig = $vardir/localconfig
    usecacheonfailure = true
[master]
    ca = true

We are using puppet/puppetserver 5:

# puppetserver --version
puppetserver version: 5.3.8
root@puppet-b1-01:~# puppet --version
5.5.14

Any hints would be greatly appreciated!

Best regards
Karsten
