I am trying to use puppet to configure Amazon EC2 instances. The server is my own box at home. Both server and clients are Ubuntu 8.04 running puppet 0.24.5.

On the client when I run:
puppetd --server myserver.com --waitforcert 60 --test

I get a cert to sign on the server. I sign it and run the command above again on the client. But then I get 3 errors similar to this:

warning: Certificate validation failed; considering using the certname configuration option
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources during transaction: Certificates were not trusted: hostname was not match with the server certificate

I have tried setting certname on the client to the hostname (for FQDN and hostname only) with no luck. One thing I have noticed is that the EC2 instances have hostnames with capitals. How else can I track this down? It would be nice if the error msg showed the values that are not correct to help solve this.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Oct 13, 11:07 pm, schickb <schi...@gmail.com> wrote:
> I am trying to use puppet to configure Amazon EC2 instances. The
> server is my own box at home. Both server and clients are Ubuntu 8.04
> running puppet 0.24.5.
>
> On the client when I run:
> puppetd --server myserver.com --waitforcert 60 --test
>
> I get a cert to sign on the server. I sign it and run the command
> above again on the client. But then I get 3 errors similar to this:
>
> warning: Certificate validation failed; considering using the certname
> configuration option
> err: /File[/var/lib/puppet/lib]: Failed to generate additional
> resources during transaction: Certificates were not trusted: hostname
> was not match with the server certificate
>
> I have tried setting certname on the client to the hostname (for
> FQDN and hostname only) with no luck. One thing I have noticed is that
> the EC2 instances have hostnames with capitals. How else can I track
> this down? It would be nice if the error msg showed the values that
> are not correct to help solve this.

Ok, I figured it out just after posting this. I was stuck thinking about the client, but the problem was actually the server... my machine has a different hostname and public domain name. When I set certname to the public domain name all was good (so far).

If I want to start over with clean certs all around, can I blow away the entire /var/lib/puppet/ssl directory on the client and server? Will all that be regenerated?

Hi

>> I am trying to use puppet to configure Amazon EC2 instances. The
>> server is my own box at home. Both server and clients are Ubuntu 8.04
>> running puppet 0.24.5.
>>
>> On the client when I run:
>> puppetd --server myserver.com --waitforcert 60 --test
>>
>> I get a cert to sign on the server. I sign it and run the command
>> above again on the client. But then I get 3 errors similar to this:
>>
>> warning: Certificate validation failed; considering using the certname
>> configuration option
>> err: /File[/var/lib/puppet/lib]: Failed to generate additional
>> resources during transaction: Certificates were not trusted: hostname
>> was not match with the server certificate
>>
>> I have tried setting certname on the client to the hostname (for
>> FQDN and hostname only) with no luck. One thing I have noticed is that
>> the EC2 instances have hostnames with capitals. How else can I track
>> this down? It would be nice if the error msg showed the values that
>> are not correct to help solve this.
>
> Ok, I figured it out just after posting this. I was stuck thinking
> about the client, but the problem was actually the server... my
> machine has a different hostname and public domain name. When I set
> certname to the public domain name all was good (so far).
>
> If I want to start over with clean certs all around, can I blow away
> the entire /var/lib/puppet/ssl directory on the client and server?
> Will all that be regenerated?

yes.

greets
pete
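
The first post asks for an error message that shows the values that did not match. As an added example (not part of the thread and not Puppet's code), this Python code takes certificate fields in the layout returned by Python's `ssl.SSLSocket.getpeercert()` and reports the requested server name beside the names the certificate carries. `homebox.localdomain` and both sample certificates are constructed; `myserver.com` is the name from the thread.

```python
# Added example (not Puppet's code): list the names that were compared when a
# certificate hostname check fails. The dict layout is the one returned by
# Python's ssl.SSLSocket.getpeercert(); all sample values are constructed.

def cert_names(cert):
    """Return (dns_alt_names, common_names) from a getpeercert()-style dict."""
    alt = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return alt, cns


def name_matches(pattern, host):
    """Compare DNS names case-insensitively; '*' may replace the leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def explain(cert, requested):
    """Report the requested name beside the certificate names it was checked against."""
    alt, cns = cert_names(cert)
    # DNS alt names, when present, are used instead of the common name.
    checked = alt if alt else cns
    matched = [n for n in checked if name_matches(n, requested)]
    return {"requested": requested, "checked": checked,
            "matched": matched, "ok": bool(matched)}


# Constructed: certificate issued under the machine's internal hostname
# (homebox.localdomain is a made-up name).
INTERNAL_NAME_CERT = {"subject": ((("commonName", "homebox.localdomain"),),)}
# Constructed: certificate issued after certname was set to the public name.
PUBLIC_NAME_CERT = {
    "subject": ((("commonName", "myserver.com"),),),
    "subjectAltName": (("DNS", "myserver.com"),),
}

if __name__ == "__main__":
    for cert in (INTERNAL_NAME_CERT, PUBLIC_NAME_CERT):
        r = explain(cert, "myserver.com")
        status = "match" if r["ok"] else "MISMATCH"
        print(f"{status}: requested {r['requested']!r}, certificate has {r['checked']}")
```

Because the comparison is case-insensitive, a requested name of `MyServer.com` also matches the second certificate, so capital letters alone do not cause the mismatch in this check.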