Discussion:
[Puppet Users] Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError
Bret Wortman
2018-10-22 11:25:10 UTC
Permalink
We had an issue where someone removed our puppet server's ssl directory, so
we need to regenerate all our certs. I'm following the instructions
at https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html but
am having difficulties:

# puppetserver ca list -a
Traceback (most recent call last):
9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in
'<main>'
8: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/cli.rb:89:
in 'run'
7: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:60:
in 'run'
6: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113:
in 'get_all_certs'
5: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113:
in 'new'
4: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16:
in 'initialize'
3: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16:
in 'new'
2: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:19:
in 'initialize'
1: from
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:108:
in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in
'add_file': system lib (OpenSSL::X509::StoreError)
#

Has anyone encountered this before? Any thoughts on how to regenerate my
certs on this system and get us going again?

Note: I have puppet installed on one server and puppetdb on another, in
case that matters.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6f6d349b-186d-46e7-b472-957b856ae60f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Bret Wortman
2018-10-22 12:48:39 UTC
Permalink
Out of curiosity, I updated the server to 6.0.1. No change.
Post by Bret Wortman
We had an issue where someone removed our puppet server's ssl directory,
so we need to regenerate all our certs. I'm following the instructions at
https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html but
# puppetserver ca list -a
9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in
'<main>'
8: from
in 'run'
7: from
in 'run'
6: from
in 'get_all_certs'
5: from
in 'new'
4: from
in 'initialize'
3: from
in 'new'
2: from
in 'initialize'
1: from
in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in
'add_file': system lib (OpenSSL::X509::StoreError)
#
Has anyone encountered this before? Any thoughts on how to regenerate my
certs on this system and get us going again?
Note: I have puppet installed on one server and puppetdb on another, in
case that matters.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7715f962-0e79-44f8-9e25-ade744378c37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Johan De Wit
2018-10-22 15:36:13 UTC
Permalink
try puppet cert list --all



That seems to work .... git simalar error using the puppet ca command



-----Original message-----
From: Bret Wortman <***@damascusgrp.com>
Sent: Monday 22nd October 2018 14:48
To: Puppet Users <puppet-***@googlegroups.com>
Subject: [Puppet Users] Re: Puppet 6 regenerate all certs fails with OpenSSL::X509::StoreError

Out of curiosity, I updated the server to 6.0.1. No change.


On Monday, October 22, 2018 at 7:25:10 AM UTC-4, Bret Wortman wrote:
We had an issue where someone removed our puppet server's ssl directory, so we need to regenerate all our certs. I'm following the instructions at https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html but am having difficulties:

# puppetserver ca list -a
Traceback (most recent call last):
     9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in '<main>'
     8: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/cli.rb:89: in 'run'
     7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:60: in 'run'
     6: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113: in 'get_all_certs'
     5: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113: in 'new'
     4: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16: in 'initialize'
     3: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16: in 'new'
     2: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:19: in 'initialize'
     1: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:108: in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in 'add_file': system lib (OpenSSL::X509::StoreError)
#

Has anyone encountered this before? Any thoughts on how to regenerate my certs on this system and get us going again?

Note: I have puppet installed on one server and puppetdb on another, in case that matters.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com <mailto:puppet-users+***@googlegroups.com> .
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/7715f962-0e79-44f8-9e25-ade744378c37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/zarafa.5bcdee6d.237f.28bdb41c5ab4ed98%40zarafa7.open-future.be.
For more options, visit https://groups.google.com/d/optout.
Maggie Dreyer
2018-10-22 15:36:49 UTC
Permalink
Unfortunately that particular docs page was incorrectly updated for Puppet
6. If you are running Puppet 6 master AND agents, you can regenerate your
CA by using `puppetserver can setup`. This creates a basic intermediate CA
with a self-signed root and a CA signing cert. It will also create a new
cert for your puppet master. You can read more about this model here:
https://puppet.com/docs/puppetserver/6.0/intermediate_ca.html, and more
about the new `puppetserver ca` subcommand here:
https://puppet.com/docs/puppetserver/6.0/subcommands.html#ca.

However, please note that if you still have some Puppet 5 agents, you'd be
better off just restarting Puppet Server, which will generate a new
non-intermediate CA (a self-signed root that also is the CA signing cert
that issues node certificates). Puppet 5 agents do not properly support the
intermediate CA setup without manual intervention.

Whichever route you take to regenerate your CA and master cert, you will
also need to regenerate the certs for your agents. This can be accomplished
by starting Puppet Server, deleting the SSL dir on each agent node (and
puppetdb), then running `puppet agent -t` to submit a signing request to
the server. On a Puppet 6 master, use `puppetserver ca sign --certname
<node's certname>` to sign the cert, followed by another `puppet agent -t`
on the agent to retrieve it.

We made a series of major CA improvements in Puppet 6, which you can read
about in the release notes here
<https://puppet.com/docs/puppetserver/6.0/release_notes.html> and here
<https://puppet.com/docs/puppet/6.0/release_notes.html>. While updating the
docs for this release, we realized that a major overhaul of the CA and SSL
docs was needed, as many of them haven't been touched since the release of
Puppet 4. We are in the process of getting that written and published now.
We really appreciate feedback like this to help us identify spots that are
still wrong or confusing.

Please let me know if anything in here doesn't work right for you!
Maggie
Post by Bret Wortman
Out of curiosity, I updated the server to 6.0.1. No change.
Post by Bret Wortman
We had an issue where someone removed our puppet server's ssl directory,
so we need to regenerate all our certs. I'm following the instructions at
https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html but
# puppetserver ca list -a
9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in
'<main>'
8: from
in 'run'
7: from
in 'run'
6: from
in 'get_all_certs'
5: from
in 'new'
4: from
in 'initialize'
3: from
in 'new'
2: from
in 'initialize'
1: from
in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in
'add_file': system lib (OpenSSL::X509::StoreError)
#
Has anyone encountered this before? Any thoughts on how to regenerate my
certs on this system and get us going again?
Note: I have puppet installed on one server and puppetdb on another, in
case that matters.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7715f962-0e79-44f8-9e25-ade744378c37%40googlegroups.com
<https://groups.google.com/d/msgid/puppet-users/7715f962-0e79-44f8-9e25-ade744378c37%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMstjg0R1zUrdj76VFYM36wZaaDYKFvL%2BbYAUbGTy2gG-Um9sA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Bret Wortman
2018-10-22 15:46:21 UTC
Permalink
That worked like a champ. Now I just need to read up on how to get my
puppetserver talking to puppetdb again...

Thanks, Maggie!
Post by Maggie Dreyer
Unfortunately that particular docs page was incorrectly updated for
Puppet 6. If you are running Puppet 6 master AND agents, you can
regenerate your CA by using `puppetserver can setup`. This creates a
basic intermediate CA with a self-signed root and a CA signing cert.
It will also create a new cert for your puppet master. You can read
https://puppet.com/docs/puppetserver/6.0/intermediate_ca.html, and
https://puppet.com/docs/puppetserver/6.0/subcommands.html#ca.
However, please note that if you still have some Puppet 5 agents,
you'd be better off just restarting Puppet Server, which will generate
a new non-intermediate CA (a self-signed root that also is the CA
signing cert that issues node certificates). Puppet 5 agents do not
properly support the intermediate CA setup without manual intervention.
Whichever route you take to regenerate your CA and master cert, you
will also need to regenerate the certs for your agents. This can be
accomplished by starting Puppet Server, deleting the SSL dir on each
agent node (and puppetdb), then running `puppet agent -t` to submit a
signing request to the server. On a Puppet 6 master, use `puppetserver
ca sign --certname <node's certname>` to sign the cert, followed by
another `puppet agent -t` on the agent to retrieve it.
We made a series of major CA improvements in Puppet 6, which you can
read about in the release notes here
<https://puppet.com/docs/puppetserver/6.0/release_notes.html> and here
<https://puppet.com/docs/puppet/6.0/release_notes.html>. While
updating the docs for this release, we realized that a major overhaul
of the CA and SSL docs was needed, as many of them haven't been
touched since the release of Puppet 4. We are in the process of
getting that written and published now. We really appreciate feedback
like this to help us identify spots that are still wrong or confusing.
Please let me know if anything in here doesn't work right for you!
Maggie
On Mon, Oct 22, 2018, 5:48 AM Bret Wortman
Out of curiosity, I updated the server to 6.0.1. No change.
We had an issue where someone removed our puppet server's
ssl directory, so we need to regenerate all our certs. I'm
following the instructions at
https://puppet.com/docs/puppet/6.0/ssl_regenerate_certificates.html
# puppetserver ca list -a
     9: from
/opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in '<main>'
     8: from
in 'run'
     7: from
in 'run'
     6: from
in 'get_all_certs'
     5: from
in 'new'
     4: from
in 'initialize'
     3: from
in 'new'
     2: from
in 'initialize'
     1: from
in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in
'add_file': system lib (OpenSSL::X509::StoreError)
#
Has anyone encountered this before? Any thoughts on how to
regenerate my certs on this system and get us going again?
Note: I have puppet installed on one server and puppetdb on
another, in case that matters.
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it,
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7715f962-0e79-44f8-9e25-ade744378c37%40googlegroups.com
<https://groups.google.com/d/msgid/puppet-users/7715f962-0e79-44f8-9e25-ade744378c37%40googlegroups.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the
Google Groups "Puppet Users" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/puppet-users/YIs8AmLHHMg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAMstjg0R1zUrdj76VFYM36wZaaDYKFvL%2BbYAUbGTy2gG-Um9sA%40mail.gmail.com
<https://groups.google.com/d/msgid/puppet-users/CAMstjg0R1zUrdj76VFYM36wZaaDYKFvL%2BbYAUbGTy2gG-Um9sA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/4139dd66-f8db-e68d-d026-3d4f67109d70%40damascusgrp.com.
For more options, visit https://groups.google.com/d/optout.
c***@redlands.qld.edu.au
2018-10-25 22:10:58 UTC
Permalink
Puppet 5 agents do not properly support the intermediate CA setup without
manual intervention.
Hi Maggie,

Could you elaborate on the "manual intervention" required to get a Puppet 5
agent to work with the intermediate CA? I'm getting errors associated with
the CRL but can't yet find any discussion of this in the documentation. I'm
sure this is the incompatibility you mentioned.
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify
failed: [unable to get certificate CRL for /CN=Puppet CA:
puppet.test.redlands.qld.edu.au]
--
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/77597585-6a3c-48b2-b3f8-c1ca85bac715%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Maggie Dreyer
2018-10-26 15:43:47 UTC
Permalink
The information on this page from the Puppet 5 docs will probably help:
https://puppet.com/docs/puppetserver/5.3/intermediate_ca_configuration.html

Assuming your intermediate CA was set up using `puppetserver ca setup`, the
important bits are:
1) Delete the SSL dir on the agent
2) Set CRL checking on the agent to "leaf"
3) Copy the CA bundle from the master to the agent:
(master) /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem -> (agent)
/etc/puppetlabs/puppet/ssl/certs/ca.pem
4) Copy the CRL bundle from the master to the agent:
(master) /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem -> (agent)
/etc/puppetlabs/puppet/ssl/crl.pem
5) Do an agent run to generate a CSR and proceed as usual

You shouldn't have to create any bundles or do any work server-side if you
used our CLI to build your intermediate CA (either with `setup` or `import).

These steps are necessary because the agent used to not correctly save PEM
files with more than one artifact in them (like the cert and CRL bundles
here), and it also didn't used to properly iterate over a chain of CRLs
even if it had one (hence setting CRL checking to leaf). Both of these
issues are fixed in Puppet 6.

Let me know if you have any more issues. I'll look into getting some of
this information linked from the Puppet 6 version of the intermediate CA
docs.
Post by c***@redlands.qld.edu.au
Puppet 5 agents do not properly support the intermediate CA setup without
manual intervention.
Hi Maggie,
Could you elaborate on the "manual intervention" required to get a Puppet
5 agent to work with the intermediate CA? I'm getting errors associated
with the CRL but can't yet find any discussion of this in the
documentation. I'm sure this is the incompatibility you mentioned.
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify
puppet.test.redlands.qld.edu.au]
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/77597585-6a3c-48b2-b3f8-c1ca85bac715%40googlegroups.com
<https://groups.google.com/d/msgid/puppet-users/77597585-6a3c-48b2-b3f8-c1ca85bac715%40googlegroups.com?utm_medium=email&utm_source=footer>
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAMstjg3nu4yuHyiDrmbnr-AmCJ_8BNF3sa7np7p18xo81cgS%3Dw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Craig Holyoak
2018-10-29 23:07:33 UTC
Permalink
Post by Maggie Dreyer
1) Delete the SSL dir on the agent
2) Set CRL checking on the agent to "leaf"
(master) /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem -> (agent) /etc/puppetlabs/puppet/ssl/certs/ca.pem
(master) /etc/puppetlabs/puppet/ssl/ca/ca_crl.pem -> (agent) /etc/puppetlabs/puppet/ssl/crl.pem
5) Do an agent run to generate a CSR and proceed as usual
Thanks, that has worked perfectly.
--
Craig Holyoak
IT Support @ Redlands College
***@redlands.qld.edu.au
http://www.redlands.qld.edu.au/
--
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAA540SyMdM-OwHQeU_M0WZRzyuafb-KFoaqftjSaegXX8JcEAQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
h***@gmail.com
2018-10-24 16:18:30 UTC
Permalink
Post by Johan De Wit
# puppetserver ca list -a
     9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in '<main>'
     8: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/cli.rb:89: in 'run'
     7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:60: in 'run'
     6: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113: in 'get_all_certs'
     5: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113: in 'new'
     4: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16: in 'initialize'
     3: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16: in 'new'
     2: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:19: in 'initialize'
     1: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:108: in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in 'add_file': system lib (OpenSSL::X509::StoreError)
#
Has anyone encountered this before? Any thoughts on how to regenerate my certs on this system and get us going again?
Note: I have puppet installed on one server and puppetdb on another, in case that matters.
I have i don't know what is puppet server is? All i have is visual studio code that's all, it doesn't have any cool features as long as i can practice decode to write code, to apply for a "?".aspx,java
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/96c62177-c3d9-4546-9a9d-ed94610501f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
h***@gmail.com
2018-10-24 16:14:44 UTC
Permalink
i have downloaded a java se from oracle and node.js, i tried to jdk1.7.80 but it was hopeless for me if my keyboard on dell laptop isn't working, and plus i got a rain out, oh well i have a Visual studio code with Administrator portal. So what do i have to resolve my problems. I work at Lahaina Fish CO and i tried to set my Android phone to Developers Options to get a bug report but somehow i don't know if any of co-workers toggle to see what i was trying to develop or bug report.
8
# puppetserver ca list -a
     9: from /opt/puppetlabs/server/apps/puppetserver/cli/apps/ca:5 in '<main>'
     8: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/cli.rb:89: in 'run'
     7: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:60: in 'run'
     6: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113: in 'get_all_certs'
     5: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/action/list.rb:113: in 'new'
     4: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16: in 'initialize'
     3: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/certificate_authority.rb:16: in 'new'
     2: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:19: in 'initialize'
     1: from /opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:108: in 'make_store'
/opt/puppetlabs/puppet/lib/ruby/vendor_gems/gems/puppetserver-ca-1.0.0/lib/puppetserver/ca/utils/http_client.rb:109:in 'add_file': system lib (OpenSSL::X509::StoreError)
#
Has anyone encountered this before? Any thoughts on how to regenerate my certs on this system and get us going again?
Note: I have puppet installed on one server and puppetdb on another, in case that matters.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2d968b38-d5cd-4f5b-9707-7d5501bf7334%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...