FOREMAN PUPPET certificate signature failure

Foreman Agent version 3.4.3 Error:

Error: Could not request certificate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [certificate signature failure for /***************]

Puppet master version 2.7.23
Error : (certificate signature failure)

Please help.

  • What do you mean by Foreman Agent? Do you mean Puppet Agent?
  • Which version of Foreman are you using?
  • When exactly do you get this error? When executing node.rb or sending the report?

Puppet version 2.7.23 is very old. It can be the case that it doesn’t support the current TLS version(s) and ciphers that Foreman offers. I’d strongly recommend upgrading your infrastructure.

Today I accidentally removed all certificates on the Puppet master:

rm -rf /var/lib/puppet/ssl/*

Before that, everything was working properly until today.

When I use commands on the Puppet Agent:

puppet agent -t

Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for ts1morf.usr.par.emea.cib
Info: Certificate Request fingerprint (SHA256): 19:14:81:DA:9E:6C:B0:E7:B2:36:67:07:83:4B:88:DA:37:CE:CB:AF:9D:43:41:84:76:1B:6B:68:3D:7A:F6:CC
Notice: Using less secure serialization of reports and query parameters for compatibility
Notice: with older puppet master. To remove this notice, please upgrade your master(s)
Notice: to Puppet 3.3 or newer.
Notice: See http://links.puppetlabs.com/deprecate_yaml_on_network for more information.
Info: Caching certificate for ts1morf.usr.par.emea.cib
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=cmvpaa10.prd.cm.par.emea.cib]
Exiting; failed to retrieve certificate and waitforcert is disabled

node.rb, what exactly is it about?

./usr/lib/ruby/vendor_ruby/puppet/face/node.rb
./usr/lib/ruby/vendor_ruby/puppet/rails/inventory_node.rb
./usr/lib/ruby/vendor_ruby/puppet/parser/ast/node.rb
./usr/lib/ruby/vendor_ruby/puppet/node.rb
./usr/lib/ruby/vendor_ruby/puppet/application/node.rb
./usr/lib/ruby/1.9.1/syck/yamlnode.rb
./usr/lib/ruby/1.9.1/syck/basenode.rb
./usr/lib/ruby/1.9.1/psych/nodes/node.rb
./usr/lib/ruby/1.9.1/rexml/light/node.rb
./usr/lib/ruby/1.9.1/rexml/node.rb

Help me please

If you’ve removed all your certificates on the master then I’d recommend following https://docs.puppet.com/puppet/3.7/ssl_regenerate_certificates.html but also really look at upgrading your infrastructure to current puppet versions. 2.7 is very old.
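An added example, not code from this thread or from Puppet: it reproduces the "certificate signature failure" verdict under the assumption that the agent still trusts a CA certificate cached before the master's SSL directory was wiped, while the master now presents a certificate signed by a regenerated CA with the same name. All names and keys below are constructed.

```ruby
require "openssl"

CA_NAME = "/CN=Constructed Puppet CA"   # constructed name, not from the thread
SERVER  = "/CN=master.example.test"     # constructed master hostname

# Build an X.509 certificate for `subject`, signed by `issuer_key`.
def make_cert(subject, key, issuer, issuer_key, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse(subject)
  cert.issuer     = OpenSSL::X509::Name.parse(issuer)
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new
    ef.subject_certificate = cert
    ef.issuer_certificate  = cert
    cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Verify `server_cert` with `ca_cert` as the only trust anchor.
def verify_against(ca_cert, server_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  [store.verify(server_cert), store.error_string]
end

# Old CA = what a stale agent cached; new CA = regenerated on the master.
# Both share one subject name but have different key pairs.
def ca_mismatch_demo
  old_key, new_key, srv_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  old_ca = make_cert(CA_NAME, old_key, CA_NAME, old_key, ca: true)
  new_ca = make_cert(CA_NAME, new_key, CA_NAME, new_key, ca: true)
  server = make_cert(SERVER, srv_key, CA_NAME, new_key, serial: 2)
  { stale_agent: verify_against(old_ca, server),
    fresh_agent: verify_against(new_ca, server) }
end

p ca_mismatch_demo if $PROGRAM_NAME == __FILE__
```

Because the issuer name matches but the key does not, the failure is reported against the server certificate's subject, as in the agent output above.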

Unable to restore certificates.

Nothing works now.

Service apache also does not work :frowning:

Disaster.

Why does it not start?

root@cmvpaa10:/etc/apt# sudo service puppetmaster status
[FAIL] master is not running … failed!
root@cmvpaa10:/etc/apt# [FAIL] master is not running … failed!

It looks like you are having issues with setting up your Puppet environment, not with anything related to Foreman.
I suggest seeking help in the Puppet community.

I cannot run puppet masters.

puppet agent --test --server localhost

Please help.

Where should I start?

info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=cmvpaa10.prd.cm.par.emea.cib]
err: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=cmvpaa10.prd.cm.par.emea.cib] Could not retrieve file metadata for puppet://localhost/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=cmvpaa10.prd.cm.par.emea.cib]
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=cmvpaa10.prd.cm.par.emea.cib]
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
err: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate signature failure for /CN=cmvpaa10.prd.cm.par.emea.cib]