issue regenerating puppetserver CA cert to add DNS alt names


Andy Hall

Apr 8, 2021, 10:50:10 AM
to puppet...@googlegroups.com
We are running puppetserver 6.12 and are following the guide here to
regenerate the cert to add DNS alt names:
https://puppet.com/docs/puppet/6.21/ssl_regenerate_certificates.html#regenerate_agent_certs_and_add_dns_alt_names

However, there are a number of steps which fail because essentially the
puppetserver can either no longer respond due to the cert being
revoked or because it has been stopped (please see output below). Am
I missing something here?

[root@sl1-puppet puppetserver]# puppetserver ca clean --certname sl1-puppet.server.domain.com
Revoked certificate for sl1-puppet.server.domain.com
Cleaned files related to sl1-puppet.server.domain.com

[root@sl1-puppet puppetserver]# puppet ssl clean
Error: Could not run: Failed to connect to the CA to determine if certificate sl1-puppet.server.domain.com has been cleaned
Wrapped exception:
certificate verify failed [certificate revoked for CN=sl1-puppet.server.domain.com]

[root@sl1-puppet puppetserver]# puppet resource service puppetserver ensure=stopped
Notice: /Service[puppetserver]/ensure: ensure changed 'running' to 'stopped'
service { 'puppetserver':
  ensure => 'stopped',
  provider => 'systemd',
}

[root@sl1-puppet puppetserver]# puppetserver ca generate --certname sl1-puppet.server.domain.com --subject-alt-names puppet,ld4-puppet-lb.server.domain.com --ca-client
Fatal error when running action 'generate'
Error: Failed connecting to https://sl1-puppet.server.domain.com:8140/status/v1/simple/ca
Root cause: 503 "Service Unavailable"

Thanks very much for any help you can provide on this.