We are running puppetserver 6.12 and are following the guide here to
regenerate the cert to add DNS alt names:
https://puppet.com/docs/puppet/6.21/ssl_regenerate_certificates.html#regenerate_agent_certs_and_add_dns_alt_names

However, there are a number of steps which fail because essentially the
puppetserver can either no longer respond due to the cert being
revoked or because it has been stopped (please see output below). Am
I missing something here?

[root@sl1-puppet puppetserver]# puppetserver ca clean --certname sl1-puppet.server.domain.com
Revoked certificate for sl1-puppet.server.domain.com
Cleaned files related to sl1-puppet.server.domain.com

[root@sl1-puppet puppetserver]# puppet ssl clean
Error: Could not run: Failed to connect to the CA to determine if certificate sl1-puppet.server.domain.com has been cleaned
Wrapped exception:
certificate verify failed [certificate revoked for CN=sl1-puppet.server.domain.com]

[root@sl1-puppet puppetserver]# puppet resource service puppetserver ensure=stopped
Notice: /Service[puppetserver]/ensure: ensure changed 'running' to 'stopped'
service { 'puppetserver':
  ensure   => 'stopped',
  provider => 'systemd',
}

[root@sl1-puppet puppetserver]# puppetserver ca generate --certname sl1-puppet.server.domain.com --subject-alt-names puppet,ld4-puppet-lb.server.domain.com --ca-client
Fatal error when running action 'generate'
  Error: Failed connecting to https://sl1-puppet.server.domain.com:8140/status/v1/simple/ca
  Root cause: 503 "Service Unavailable"

Thanks very much for any help you can provide on this.
