Error: Could not run: The CRL issued by 'CN=Puppet CA: server.example.com' is missing

[Timothy Nelson]

Hi all.  I'm in the process of setting up a new puppet server, and I'm trying to get my old puppet server to set up the server for me.  My old server is puppetserver-5.3.3.  My new server is puppet-agent-6.7.2.  The first puppet run was successful; the first puppet run installs a bunch of puppet modules, and then changes the environment (ie. sets the environment variable in puppet.conf to a new value).  This was all successful, but then on the second run, it gave me the following error:

Error: Could not run: The CRL issued by 'CN=Puppet CA: server.example.com' is missing

I tried changing back to the original environment.  Still the same error.  Tried changing to a non-existent environment.  Same error.  

I tried googling for this error, and the two or so relevant hits I found were in the source code.  

I thought I'd ask here and see if anyone had any relevant ideas about what might be wrong, and how that should be fixed.  

[Josh Cooper]

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CANZ4r3bbf%3DQOMLqOho8oVgAJZehw3Ow9WjFGmU%3Dse-Usz-qPNA%40mail.gmail.com.

My guess is that puppetserver 5.x cannot serve multiple CRLs, which is necessary when using an intermediate CA certificate (https://tickets.puppetlabs.com/browse/SERVER-2205). What does `puppet ssl verify` display on the 6.x agent?

Josh

--

Josh Cooper | Software Engineer

jo...@puppet.com | @coopjn

Join us for Puppetize PDX 9-10 October.

[Timothy Nelson]

Interesting thought; thanks!  

It gives the same error as the other command did.  

If that's the case, I'm slightly confused as to why it worked the first time.  

Thanks again!

Josh

--

Josh Cooper | Software Engineer

jo...@puppet.com | @coopjn

Join us for Puppetize PDX 9-10 October.

--

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2Bu97um%2BchtYBNzncK075vuKAj-JtqaPLnSWVZ2aqupODi9%3DoQ%40mail.gmail.com.