tlsv1 alert decrypt error
818 views
Skip to first unread message
Tim Harper
Dec 31, 2008, 2:00:03 PM12/31/08
to puppet...@googlegroups.com
I'm using the standard webrick server with puppet, and I just started getting this today (for no apparent reason).
info: Loading fact custom_facts
info: Retrieving plugins
err: /File[/var/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: tlsv1 alert decrypt error
err: /File[/var/puppet/lib]: Failed to retrieve current state of resource: Certificates were not trusted: tlsv1 alert decrypt error Could not describe /plugins: Certificates were not trusted: tlsv1 alert decrypt error
info: Loading fact custom_facts
err: Could not retrieve catalog: Certificates were not trusted: tlsv1 alert decrypt error
warning: Not using cache on failed catalog
I've deleted my certificate, regenerated it, resigned it, and then this error message came again. Anybody run into this or have any clues what to look for?
Thanks,
Tim
RijilV
Dec 31, 2008, 2:05:40 PM12/31/08
to puppet...@googlegroups.com
2008/12/31 Tim Harper <timch...@gmail.com>
What do the puppet client and puppet server think the time is?
.r'
Tim Harper
Dec 31, 2008, 2:07:57 PM12/31/08
to puppet...@googlegroups.com
That's an interesting idea: the client and the server are on the same
machine.<br><br><div>I wiped out the /var/puppet/ssl directory and
/var/puppet, and regenerated the cert from scratch. Still the same
error :(</div><div><br></div><div>Tim</div><div><br><div
class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span
dir="ltr"><rij...@riji.lv></span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex;"><br><br><div class="gmail_quote">2008/12/31
Tim Harper <span dir="ltr"><<a href="mailto:timch...@gmail.com"
target="_blank">timch...@gmail.com</a>></span><div><div></div><div
class="Wj3C7c"><br><blockquote class="gmail_quote"
style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt
0.8ex;padding-left:1ex">
<div>I'm using the standard webrick server with puppet, and I just
started getting this today (for no apparent
reason).</div><div><br></div><div>info: Loading fact
custom_facts</div><div>info: Retrieving plugins</div>
<div>
err: /File[/var/puppet/lib]: Failed to generate additional resources
during transaction: Certificates were not trusted: tlsv1 alert decrypt
error</div><div>err: /File[/var/puppet/lib]: Failed to retrieve
current state of resource: Certificates were not trusted: tlsv1 alert
decrypt error Could not describe /plugins: Certificates were not
trusted: tlsv1 alert decrypt error</di
machine.<br><br><div>I wiped out the /var/puppet/ssl directory and
/var/puppet, and regenerated the cert from scratch. Still the same
error :(</div><div><br></div><div>Tim</div><div><br><div
class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span
dir="ltr"><rij...@riji.lv></span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex;"><br><br><div class="gmail_quote">2008/12/31
Tim Harper <span dir="ltr"><<a href="mailto:timch...@gmail.com"
target="_blank">timch...@gmail.com</a>></span><div><div></div><div
class="Wj3C7c"><br><blockquote class="gmail_quote"
style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt
0.8ex;padding-left:1ex">
<div>I'm using the standard webrick server with puppet, and I just
started getting this today (for no apparent
custom_facts</div><div>info: Retrieving plugins</div>
<div>
err: /File[/var/puppet/lib]: Failed to generate additional resources
during transaction: Certificates were not trusted: tlsv1 alert decrypt
current state of resource: Certificates were not trusted: tlsv1 alert
decrypt error Could not describe /plugins: Certificates were not
Tim Harper
Dec 31, 2008, 2:26:26 PM12/31/08
to puppet...@googlegroups.com
<span class="Apple-style-span" style="border-collapse: collapse;
"><div>GMAIL is driving me crazy... i have no idea why it started to
mess up like this.</div><div><br></div>That's an interesting idea: the
client and the server are on the same<br>machine.</span><div><span
class="Apple-style-span" style="border-collapse:
collapse;"><br></span></div><div><span class="Apple-style-span"
style="border-collapse: collapse; ">I wiped out the /var/puppet/ssl
directory and<br>/var/puppet, and regenerated the cert from scratch.
Still the same<br>error :(</span><br><br><div class="gmail_quote">On
Wed, Dec 31, 2008 at 12:07 PM, Tim Harper <span
dir="ltr"><timch...@gmail.com></span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex;">That's an interesting idea: the client and
the server are on the same<br>
machine.<br><br><div>I wiped out the /var/puppet/ssl directory and<br>
/var/puppet, and regenerated the cert from scratch. Still the same<br>
error :(</div><div><br></div><div><wbr>Tim</div><div><br><div<br>
class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span<br>
dir="ltr">&<a
href="mailto:lt%3Bri...@riji.lv">lt;rij...@riji.lv</a>><<wbr>/span>
wrote:<br><blockquote<br>
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc<br>
solid;padding-left:
"><div>GMAIL is driving me crazy... i have no idea why it started to
mess up like this.</div><div><br></div>That's an interesting idea: the
client and the server are on the same<br>machine.</span><div><span
class="Apple-style-span" style="border-collapse:
collapse;"><br></span></div><div><span class="Apple-style-span"
style="border-collapse: collapse; ">I wiped out the /var/puppet/ssl
directory and<br>/var/puppet, and regenerated the cert from scratch.
Still the same<br>error :(</span><br><br><div class="gmail_quote">On
Wed, Dec 31, 2008 at 12:07 PM, Tim Harper <span
dir="ltr"><timch...@gmail.com></span> wrote:<br><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
the server are on the same<br>
machine.<br><br><div>I wiped out the /var/puppet/ssl directory and<br>
/var/puppet, and regenerated the cert from scratch. Still the same<br>
error :(</div><div><br></div><div><wbr>Tim</div><div><br><div<br>
class="gmail_quote">On Wed, Dec 31, 2008 at 12:05 PM, RijilV <span<br>
dir="ltr">&<a
href="mailto:lt%3Bri...@riji.lv">lt;rij...@riji.lv</a>><<wbr>/span>
wrote:<br><blockquote<br>
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc<br>
solid;padding-left:
Tim Harper
Dec 31, 2008, 2:27:57 PM12/31/08
to puppet...@googlegroups.com
GMAIL is driving me crazy... i have no idea why it started to
mess up like this.
mess up like this.
That's an interesting idea: the client and the server are on the same machine.
I wiped out the /var/puppet/ssl directory and /var/puppet, and
regenerated the cert from scratch. Still the same error :(
Tim Harper
Dec 31, 2008, 2:30:08 PM12/31/08
to puppet...@googlegroups.com
It also may be noteworthy to mention that I'm using the same cert for
more than one machine. It looks like this may be what's messing
things up. I was hoping to have a way to automatically connect a new
machine to puppet with out having to pair a new cert. I guess I'm
wrong in my approach.
more than one machine. It looks like this may be what's messing
things up. I was hoping to have a way to automatically connect a new
machine to puppet with out having to pair a new cert. I guess I'm
wrong in my approach.
Tim
Tim Harper
Dec 31, 2008, 3:00:05 PM12/31/08
to puppet...@googlegroups.com
I found the issue: my mass propagation script was blowing away the
server cert information when deploying the client certs to the
machines. Making me feel really, really silly, and wishing I had the
last 2 hours back.
server cert information when deploying the client certs to the
machines. Making me feel really, really silly, and wishing I had the
last 2 hours back.
Tim
Reply all
Reply to author
Forward
0 new messages