https://docs.puppetlabs.com/puppet/latest/reference/ssl_regenerate_certificates.html
On the agent, run:
puppet config print ssldir
This should output the ssl directory. We’ll assume for the rest of this article that the above outputs:
/var/lib/puppet/ssl
In this directory, check which files it contains:
[root@puppetmaster ssl]# find . -name puppetmaster*
./public_keys/puppetmaster.*.pem
./certificate_requests/puppetmaster.*.pem
./certs/puppetmaster.*.pem
./private_keys/puppetmaster.*.pem
./ca/signed/puppetmaster.*.pem
[root@puppetmaster ssl]#
Run:
puppet cert clean {agent's fqdn} # note the "-all" option doesn't work.
This should then result in:
[root@puppetmaster ssl]# find . -name puppetmaster*
[root@puppetmaster ssl]#
As you can see, nothing found this time.
Now, on the agent, run:
puppet agent -t --trace --debug
This command will output a message like:
Exiting; no certificate found and waitforcert is disabled
Now on the puppetmaster, you should see that the following files have been regenerated:
[root@puppetmaster ssl]# pwd
/var/lib/puppet/ssl
[root@puppetmaster ssl]# find . -name puppetmaster*
./public_keys/puppetmaster.ordsvy.gov.uk.pem
./certificate_requests/puppetmaster.fqdn.pem
./private_keys/puppetmaster.fqdn.pem
./ca/requests/puppetmaster.fqdn.pem
[root@puppetmaster ssl]#
The new request now has to be signed.
To sign this certificate, run:
puppet cert sign {agent's fqdn}
This should now result in:
[root@puppetmaster ssl]# pwd
/var/lib/puppet/ssl
[root@puppetmaster ssl]# find . -name puppetmaster*
./public_keys/puppetmaster.ordsvy.gov.uk.pem
./certificate_requests/puppetmaster.ordsvy.gov.uk.pem
./private_keys/puppetmaster.ordsvy.gov.uk.pem
./ca/signed/puppetmaster.ordsvy.gov.uk.pem
[root@puppetmaster ssl]#
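The find listings above can be turned into a single check that reports where a node is in the clean, request, sign cycle, so you can confirm the state before running puppet cert sign. This is an added example, not part of the original notes or of Puppet itself; the function names cert_files and cert_state and the state labels are made up here, and it assumes the <certname>.pem file layout shown in the listings.

```shell
#!/bin/sh
# Added example (not from the original page). Run it against the master's
# ssldir, e.g.: sh cert_state.sh /var/lib/puppet/ssl agent.example.test

# List every file belonging to CERTNAME under SSLDIR. The pattern is quoted
# so find receives it intact instead of the shell expanding it first.
cert_files() {
    (cd "$1" && find . -type f -name "$2.pem" | sort)
}

# Print one state for CERTNAME, based on the CA-side directories:
#   clean     - no file for the name anywhere (after "puppet cert clean")
#   requested - CSR waiting in ca/requests (after the agent run)
#   signed    - certificate in ca/signed (after "puppet cert sign")
#   leftover  - nothing on the CA side, but key/CSR files still present
#   conflict  - both a pending CSR and a signed certificate exist
cert_state() {
    ssldir=$1
    name=$2
    signed=no
    pending=no
    if [ -f "$ssldir/ca/signed/$name.pem" ]; then signed=yes; fi
    if [ -f "$ssldir/ca/requests/$name.pem" ]; then pending=yes; fi
    case "$signed/$pending" in
        yes/yes) echo conflict ;;
        yes/no)  echo signed ;;
        no/yes)  echo requested ;;
        no/no)
            if [ -z "$(cert_files "$ssldir" "$name")" ]; then
                echo clean
            else
                echo leftover
            fi ;;
    esac
}

# When called with two arguments, report the state and the matching files.
if [ $# -eq 2 ]; then
    cert_state "$1" "$2"
    cert_files "$1" "$2"
fi
```

Only sign when the state is requested and the request is one you expect; leftover or conflict means old files are still in the way and the clean step should be repeated first.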
https://docs.puppetlabs.com/references/3.5.1/man/cert.html
On the master, run:
puppet cert clean {agent's fqdn}
Then you can redo part c.