0
votes

Created a new Puppet Master to upgrade to Puppet 6

Did "rm -rf /etc/puppetlabs/puppet/ssl" to clear old certificates

After pointing the old client at the new master, the client cannot generate new certificates.

Error received is this:

Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN={server FQDN}]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN={server FQDN}]

How do I get the Client to generate a new certificate?

2 Answers

1
votes

Please delete the ssl folder on the puppet client too and try again with puppet agent --waitforcert 60 --test

0
votes

A new certificate has to be generated on the client end so that it can be signed by the new puppetmaster, hence the existing certificates have to be deleted on the client side:

rm -rf /var/lib/puppet/ssl

On the server side:

puppetserver ca clean --certname <hostname_of_client>
rm -rf /opt/puppetlabs/puppet/ssl
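
Added example, not part of either answer: "unable to get local issuer certificate" means the CA certificate the agent has cached is not the issuer of the certificate the server presents, and this sketch checks that with openssl before any SSL directory is deleted. The function names and the throwaway certificates are assumptions; on a real agent the first argument would be the file reported by `puppet config print localcacert` and the second a saved copy of the new server's certificate.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names and the
# throwaway certificates are assumptions made for illustration.

# cached_ca_trusts_server CA_PEM SERVER_PEM
# Returns 0 if SERVER_PEM verifies against CA_PEM, 1 if it does not
# (the "unable to get local issuer certificate" case), 2 on unreadable input.
cached_ca_trusts_server() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    echo "cached CA subject: $(openssl x509 -noout -subject -in "$1")"
    echo "server issuer:     $(openssl x509 -noout -issuer -in "$2")"
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "OK: cached CA verifies the server certificate"
        return 0
    fi
    echo "MISMATCH: cached CA did not issue the server certificate"
    return 1
}

# make_constructed_pki DIR
# Builds constructed sample data: an "old" CA, a "new" CA, and a server
# certificate signed by the new CA only.
make_constructed_pki() {
    d="$1"
    for ca in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca CA" \
            -keyout "$d/$ca.key" -out "$d/${ca}_ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=puppet.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -days 1 -CA "$d/new_ca.pem" \
        -CAkey "$d/new.key" -CAcreateserial -out "$d/srv.pem" 2>/dev/null
}
```

A return code of 1 on the agent confirms that the cached CA belongs to the old master, which is the state the answers resolve by removing the agent's SSL directory and requesting a new certificate.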