Failed to connect to PuppetDB. Check settings (hostname does not match the server certificate) but what settings?

Kim Nielsen

Aug 15, 2014, 3:25:58 AM
to puppet...@googlegroups.com

Hi all,


I needed to change the hostname for our puppet enterprise solutions so I did. I also recreated all SSL certificates with cut’n’paste from this guide:


https://docs.puppetlabs.com/pe/latest/trouble_regenerate_certs_monolithic.html


and replaced all of the old name references with the new one.

No errors or nothing. Only now, when accessing events in the GUI, I get this in my log file and I can no longer see new clients.

ERROR 2014-08-15 07:10 UTC: Failed to connect to PuppetDB. Check settings (hostname does not match the server certificate)

The logs so nicely say I should check my settings, but the big question is what setting and what file.

Can anyone give a hint?


I also did several other tests like puppet agent -t and all seems fine except the connection from the dashboard to the puppetdb.


/Kim

José Luis Ledesma

Aug 15, 2014, 12:52:59 PM
to puppet...@googlegroups.com

This error means that the hostname in puppetdb.conf doesn't match the puppetdb certificate hostname.


Kim Nielsen

Aug 15, 2014, 1:26:26 PM
to puppet...@googlegroups.com
Hi,

I wish this was true, but my puppetdb.conf looks like this:


[main]
port = 8081
certname = puppetwin.xxx.dk

and connecting to the puppetdb gives this certificate:

openssl s_client -connect xxx.xxx.xxx.xxx:8081
CONNECTED(00000003)
depth=0 CN = puppetwin.xxx.dk
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = puppetwin.xxx.dk
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = puppetwin.xxx.dk
verify error:num=21:unable to verify the first certificate
verify return:1
140707100747592:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
   i:/CN=Puppet CA generated on puppetwin.xxx.dk at 2013-11-27 19:12:26 +0100

Or am I looking in the wrong place?

Juan Sierra Pons

Aug 15, 2014, 1:36:34 PM
to puppet...@googlegroups.com


Hi

If you installed puppetdb using puppetlabs-puppetdb, usually removing router.yaml and puppetdb.conf in the /etc/puppet folder and running Puppet again fixes it.

Disclaimer: I am not in front of the computer so I am not sure if the files' names are misspelled. Also make a backup just in case.

Hope it helps

Best regards

Kim Nielsen

Aug 15, 2014, 1:51:19 PM
to puppet...@googlegroups.com
Hi,

No, I just changed the hostname on the machine, replaced all names in /etc/puppetlabs/ and generated new certificates. I don't have a router.yaml anywhere on my host.

/Kim
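
The hostname mismatch named in José Luis Ledesma's reply can be reproduced offline. This is an added example, not part of the original thread: it runs Ruby's `OpenSSL::SSL.verify_certificate_identity` against throwaway certificates built in memory, and goes one step beyond the thread by also showing a certificate that carries a DNS alt name. The names `puppet-new.example.test`, `puppet-old.example.test`, `puppet` and the address `192.0.2.10` are hypothetical stand-ins.

```ruby
require "openssl"

# Build a throwaway self-signed certificate (constructed sample data, not a
# real Puppet certificate) with the given CN and optional DNS alt names.
def sample_cert(cn, alt_names = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless alt_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = ef.issuer_certificate = cert
    san = alt_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# For each name a client could be configured to connect to, report whether
# the certificate's identity check passes for that name.
def check_hosts(cert, hostnames)
  hostnames.map { |h| [h, OpenSSL::SSL.verify_certificate_identity(cert, h)] }.to_h
end

# Hypothetical names standing in for the renamed server.
NEW_NAME = "puppet-new.example.test"
OLD_NAME = "puppet-old.example.test"
CANDIDATES = [NEW_NAME, OLD_NAME, "192.0.2.10"]

# Certificate regenerated for the new name, CN only.
CN_ONLY = check_hosts(sample_cert(NEW_NAME), CANDIDATES)
# Same CN plus one DNS alt name: the CN is then no longer consulted.
WITH_SAN = check_hosts(sample_cert(NEW_NAME, ["puppet"]), CANDIDATES + ["puppet"])

CN_ONLY.each  { |host, ok| puts "CN only   #{host}: #{ok ? 'match' : 'MISMATCH'}" }
WITH_SAN.each { |host, ok| puts "with SAN  #{host}: #{ok ? 'match' : 'MISMATCH'}" }
```

A client configured with the old name or with an IP address fails the check even though the certificate itself is fine, and once a DNS alt name is present only the alt names are compared.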