I am configuring Puppet Server on Ubuntu. I have followed the documentation on setting up puppet server, including running puppetserver ca setup before starting the puppetserver service. When I send a certificate request from my agent machine and attempt to list this request on my server, I receive the following error:
admin@puppetserver:~$ puppetserver ca list
Fatal error when running action 'list'
Error: Failed connecting to https://puppet:8140/puppet-ca/v1/certificate_statuses/any_key?state=requested
Root cause: SSL_connect returned=1 errno=0 peeraddr=###.###.###.###:8140 state=error: certificate verify failed (unable to get local issuer certificate)
The peeraddr value has been partially redacted. It is the local address of the machine running puppet server, on which I ran the above command.
I have attempted clearing and recreating the SSL certificates and performed multiple system reboots on my server and agent devices. Any advice would be welcome. Please ask for further clarifications if needed :)
For my case, I followed the steps on this page under 'Regenerate the CA and all certificates': https://www.puppet.com/docs/puppet/7/ssl_regenerate_certificates.html#regenerate_ca_and_all_certificates
sudo puppet resource service puppetserver ensure=stopped
sudo rm -r /etc/puppetlabs/puppet/ssl
sudo puppetserver ca setup
sudo puppet resource service puppetserver ensure=running
sudo puppet resource service puppet ensure=running
sudo puppet resource service puppet ensure=stopped
Locate the SSL directory for the puppet agent:
puppet config print ssldir --section agent
Delete the directory found above
Restart the stopped service, then send a request to the CA to sign a certificate and sign as normal.
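
The error in the question ("unable to get local issuer certificate") means the certificate presented on port 8140 could not be chained to the CA file the client trusts. The following check is an added example, not part of the original question or answer: it takes two PEM paths supplied by the caller (an assumption; nothing is read from Puppet itself) and reports whether the host certificate verifies against the CA file.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a host
# certificate chains to a given CA file, the condition behind
# "unable to get local issuer certificate".
# Assumption: both PEM paths are supplied by the caller.

# cert_field FILE OPTION... : print selected fields of a PEM certificate.
cert_field() {
    file=$1
    shift
    openssl x509 -in "$file" -noout "$@" 2>/dev/null
}

# check_chain CA_FILE CERT_FILE
# Returns 0 if CERT_FILE verifies against CA_FILE, 1 if it does not,
# 2 if either file is missing or is not a parseable certificate.
check_chain() {
    ca_file=$1
    cert_file=$2
    for f in "$ca_file" "$cert_file"; do
        if [ ! -r "$f" ] || ! cert_field "$f" -subject >/dev/null; then
            echo "ERROR: cannot read certificate: $f"
            return 2
        fi
    done
    # Show both sides so a CA left over from before a regeneration is visible.
    echo "CA   $(cert_field "$ca_file" -subject)"
    echo "CA   $(cert_field "$ca_file" -fingerprint -sha256)"
    echo "cert $(cert_field "$cert_file" -subject)"
    echo "cert $(cert_field "$cert_file" -issuer)"
    if reason=$(openssl verify -CAfile "$ca_file" "$cert_file" 2>&1); then
        echo "OK: certificate verifies against this CA file"
        return 0
    fi
    echo "FAIL: certificate does not verify against this CA file"
    echo "$reason"
    return 1
}

# Run only when called with two paths, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    check_chain "$1" "$2"
fi
```

On the Puppet server the two paths can be taken from the localcacert and hostcert settings (puppet config print localcacert, puppet config print hostcert); that these are the files involved in the failing connection is an assumption here.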