问题:

[root@control-01 .ssh]# puppet agent -tv

Warning: Unable to fetch my node definition, but the agent run will continue:

Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

Info: Retrieving pluginfacts

Error: /File[/var/lib/puppet/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

Error: /File[/var/lib/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/pluginfacts: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

Info: Retrieving plugin

Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

Error: /File[/var/lib/puppet/lib]: Could not evaluate: Could not retrieve file metadata for puppet://foreman.abc.com/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

Warning: Not using cache on failed catalog

Error: Could not retrieve catalog; skipping run

Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [CRL has expired for /CN=foreman.abc.com]

解决:

[root@control-01 .ssh]# cat /etc/puppet/puppet.conf 

[main]

vardir = /var/lib/puppet

logdir = /var/log/puppet

rundir = /var/run/puppet

ssldir = $vardir/ssl

[agent]

pluginsync      = true

report          = true

ignoreschedules = true

daemon          = false

ca_server       = foreman.abc.com

certname        = control-01.abc.com

environment     = stable

server          = foreman.abc.com

[root@control-01 .ssh]# cd /var/lib/puppet/

[root@control-01 puppet]# mv ssl ssl.bak

[root@control-01 puppet]# puppet agent --test

Info: Creating a new SSL key for control-01.abc.com

Info: Caching certificate for ca

Info: Caching certificate for control-01.abc.com

Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.

Certificate fingerprint: 7D:D8:2C:03:20:EB:XXXXX:4B:84

To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.

On the master:

  puppet cert clean control-01.abc.com

On the agent:

  1a. On most platforms: find /var/lib/puppet/ssl -name control-01.abc.com.pem -delete

  1b. On Windows: del "/var/lib/puppet/ssl/control-01.abc.com.pem" /f

  2. puppet agent -t

根据最后提示来在master和client上执行命令

[linux tips] puppet client ssl 证书过期的更多相关文章

  1. ssl证书过期问题

    问题:linux服务器ssl证书过期,申请新证书后,也更换了服务器的证书,但是网页一直提示证书过期 解决:经分析后,发现服务器架构为waf->slb->esc,域名并未直接解析到slb,解 ...

  2. Splunk < 6.3 版本 SSL 证书过期事宜

    最近Splunk发出邮件提醒客户SSL证书过期事宜. 问题看起来比较严重,因为所有的实例,包括 forwarder\peernode\indexer\master node 等等都受影响,而且Depl ...

  3. 阿里云ssl证书过期怎么解决 (免费SSL证书) 三步解决

    阿里云ssl证书过期怎么解决(免费SSL证书),三步解决 使用免费的SSL证书网站  https://ohttps.com 1.注册帐号 2.申请证书 3.部署到阿里云 4.注意事项 1.注册帐号 到 ...

  4. linux系统下安装ssl证书(tomcat)

    1.申请ssl证书 2.下载ssl证书 打开此网址  https://myssl.com/cert_convert.html 将证书文件(xxx.com.crt)和密钥文件上传(xxx.com.key ...

  5. 在 Azure 中的 Linux 虚拟机上使用 SSL 证书保护 Web 服务器

    若要保护 Web 服务器,可以使用安全套接字层 (SSL) 证书来加密 Web 流量. 这些 SSL 证书可存储在 Azure Key Vault 中,并可安全部署到 Azure 中的 Linux 虚 ...

  6. ssl证书过期问题解决

    1,ssl证书失效现象 小程序debug有如下证书无效信息: 浏览器访问https://ic-park.net:30001/indoornav/callFunction1.php 提示证书风险. 2, ...

  7. zabbix监控ssl证书过期时间

    获取证书过期时间脚本: /etc/zabbix/scripts/check-cert-expire.sh: #!/bin/bash host=$ port=$ end_date=`/usr/bin/o ...

  8. Linux服务系统申请SSL证书方法

    inux主要面向专业性较强的技术人员,如果是WEB站点通常采取PHP语言为主选,可选的服务器环境中有Apache.Nginx.Tomcat这几类为主的框架环境,有的图方便会用一些可视化一键式的控制面板 ...

  9. linux下nginx配置ssl证书(https)

    nginx配置ssl很简单,首先需要两个文件,一个是crt文件,另一个是key文件,如下所示: xxx.crt;  #(证书公钥)xxx.key; #(证书私钥) 把这两个文件放到nginx的conf ...

随机推荐

  1. Windows 8下完美使用Virtual PC 2007(virtual pc 2007 64 win8 兼容性)

    Windows 8下完美使用Virtual PC 2007(virtual pc 2007 64 win8 兼容性) 一.从微软的官方网站下载Virtual PC 2007 SP1英文版,文件名为se ...

  2. 半吊子菜鸟学Web开发6 -- Vscode开发环境配置

    1vscode上手一周不到,终于弄出点门路,终于弄清楚了点vscode的设置是什么样子的了....哭 2就我这两天的使用来看,一般vscode默认只让打开一个文件夹,然后在你打开的文件夹里面自动生成 ...

  3. C++ bind 和 ref

    #include <functional>#include <iostream> void f(int& n1, int& n2, const int& ...

  4. 渲染一个react?

    分为首次渲染和更新渲染 生命周期, 建立虚拟DOM, 进行diff算法 对比新旧DOM, 节点对比, 将算法复杂度从O(n^3)降低到O(n) key值优化, 避免用index作为key值, 兄弟节点 ...

  5. 开启 Spring Boot 特性有哪几种方式?

    1)继承spring-boot-starter-parent项目 2)导入spring-boot-dependencies项目依赖

  6. CHAR 和 VARCHAR 的区别?

    1.CHAR 和 VARCHAR 类型在存储和检索方面有所不同 2.CHAR 列长度固定为创建表时声明的长度,长度值范围是 1 到 255 当 CHAR 值被存储时,它们被用空格填充到特定长度,检索  ...

  7. Mosquitto安装和使用

    Mosquitto是一个实现了MQTT3.1协议的代理服务器,由MQTT协议创始人之一的Andy Stanford-Clark开发,它为我们提供了非常棒的轻量级数据交换的解决方案. 下载地址是: ht ...

  8. ctfhub web信息泄露备份文件下载(vim缓存 Ds-Store)

    Vim缓存 进入环境由于不懂得vim是什么借鉴大佬的博客 网页提示flag在index.php中我们按着这个思路去找 将文件保存下来因为是swp文件我们用kail进行打开 使用vim -r index ...

  9. 使用Google Closure Compiler高级压缩Javascript代码

    背景 前端开发中,特别是移动端,Javascript代码压缩已经成为上线必备条件. 如今主流的Js代码压缩工具主要有: 1)Uglify http://lisperator.net/uglifyjs/ ...

  10. 用vue开发一个猫眼电影web app

    前言:之前一直在学习原生的javascript,但是无奈功力太浅,学了很长时候也只能写一些简单的小demo,知道遇见了vue,一切都变了,他的双向绑定和组件化思想让我迅速的爱上了他,可是光学不练是没有 ...