certificate verification failed


Sans

May 5, 2012, 12:53:11 PM
to puppet...@googlegroups.com
Dear all,

I just moved my puppet-server [puppetmaster] from one machine to another machine and regenerated the certificate(s) for the agent, but since then I'm getting this error on the client:

 

[root@farm021 puppet]# puppetd -t
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: certificate verify failed.  This is often because the time is out of sync on the server or client
err: /File[/var/lib/puppet/lib]: Could not evaluate: certificate verify failed.  This is often because the time is out of sync on the server or client Could not retrieve file metadata for puppet://puppet.xxx.xxx.xxx.ac.uk/plugins: certificate verify failed.  This is often because the time is out of sync on the server or client
info: Loading facts in dmide_code
[ .... ]
info: Loading facts in num_core
err: Could not retrieve catalog from remote server: certificate verify failed.  This is often because the time is out of sync on the server or client
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: certificate verify failed.  This is often because the time is out of sync on the server or client

 

I already checked the date/time on the master and agent and they are synced. Does anyone know what might be the problem here?

Cheers,
San

iceberg

May 5, 2012, 12:55:10 PM
Did you try nuking the certs completely?  

Sans

May 5, 2012, 1:22:47 PM
What exactly is the procedure? On the agent, I did this:

# rm -f /var/lib/puppet/ssl/certs/*
# puppet certificate generate farm021 --ca-location remote

and on the server:

# puppetca clean --all
# /etc/init.d/puppetmaster start


Is that what you meant? Cheers!!

iceberg

May 7, 2012, 12:42:57 PM
Yes, but nuke the certs on the master too - delete the /var/lib/puppet/ssl/certs/*.  You want everything regenerated.

Sans

May 8, 2012, 6:08:52 AM
Thanks! That part is working now. cheers!!
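
Added example, not part of the thread and not Puppet's own code: a self-contained openssl check showing the general failure mode that regenerating everything clears, namely that a certificate issued by a newly created CA does not verify against a CA certificate kept from before. The names old-ca, new-ca and master are constructed, and that a stale CA was the cause in this thread is an assumption.

```shell
#!/bin/sh
# Added example with constructed data: old-ca, new-ca and master are throwaway
# names, not values from the thread.

# Exit 0 if certificate $2 chains to the CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_ca DIR NAME: create a self-signed CA (DIR/NAME.key, DIR/NAME.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# issue_cert DIR CA NAME: issue DIR/NAME.pem signed by CA.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 1 -out "$1/$3.pem" >/dev/null 2>&1
}

# Build the "moved master" situation and print which CA certificate accepts
# the new master's certificate.
stale_ca_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" old-ca && make_ca "$d" new-ca &&
        issue_cert "$d" new-ca master || { rm -rf "$d"; return 1; }
    for ca in old-ca new-ca; do
        if chains_to_ca "$d/$ca.pem" "$d/master.pem"; then
            echo "$ca: verify ok"
        else
            echo "$ca: certificate verify failed"
        fi
    done
    rm -rf "$d"
}

stale_ca_demo
```

On a real agent the file to test with `chains_to_ca` is the cached CA certificate, ca.pem, in the ssl/certs directory the thread mentions.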