Hi,
maybe my problem is obvious or present in the doku, but I couldn’t find it. Any help is greatly appreciated!
Problem:
After a fresh install of foreman 3.3 on a debian 10
I want to connect my puppet agents on the clients and this is not working.
On the clients I removed all certificats of my old foreman server. I have a new config entry saying:
cat /etc/puppet/puppet.conf
[agent]
server = foreman3.mydomain.de
On the client side I can do a
puppet agent -t
and it generates new certifcates an sends the request to the foreman server. On the foreman server I’ll do a:
puppetserver ca sign --certname client1.mydomain.de
This works.
But afterwards the next
puppet agent -t
on the client resolves in an error:
puppet agent -t --verbose
---- snip ----
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: foreman3.mydomain.de]
Info: Retrieving pluginfacts
Error: /File[/var/cache/puppet/facts.d]: Failed to generate additional resources using ‘eval_generate’: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: foreman3.mydomain.de]
Error: /File[/var/cache/puppet/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get issuer certificate): [unable to get issuer certificate for /CN=Puppet CA: foreman3.mydomain.de]
------- snip -------
Foreman and Proxy versions:
Foreman Server:
- foreman 3.3
- puppetserver 6.19.0-1buster
Client versions:
puppet 5.5.22-2
puppet 5.5.10-4
Distribution and version:
Clients debian 9,10 and 11 (8 is running out)
Any hint?