Team,
We have 300+ nodes in our environment. I accidently cleaned the puppet master certificate (puppet cert --clean puppetmaster), but there was a backup for the master server, so i could restore the following certs
/var/lib/puppet/ssl/certs/puppetmaster.xxxx.com.pem
/var/lib/puppet/ssl/ca/signed/puppetmaster.xxxx.com.pem
/var/lib/puppet/ssl/private_keys/puppetmaster.xxxx.com.pem
After restore certificate status shows,
- "puppermaster.xxxx.com" (SHA256) 5B:10:6A:27:96:7C:BD:19:E9:BD:20:26:0F:E9:77:01:E0:EB:8D:65:94:3C:D5:E4:82:8D:1C:07:87:E1:4A:43 (certificate revoked)
Now i couldn't add new nodes and nodes throwing following error
Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppetmaster.xxxx.com]
How i can resolve the issue without generating new cert for master?
Do i need to sign again or restart the master and try?
↧