@crayfishx
Created January 20, 2017 09:28
#### On the PuppetCA, clean the new master's cert
[root@puppetca /]# puppet cert clean b3b0d92345fb
Notice: Revoked certificate with serial 13
Notice: Removing file Puppet::SSL::Certificate b3b0d92345fb at '/etc/puppetlabs/puppet/ssl/ca/signed/b3b0d92345fb.pem'
Notice: Removing file Puppet::SSL::Certificate b3b0d92345fb at '/etc/puppetlabs/puppet/ssl/certs/b3b0d92345fb.pem'
#### On the new master, verify that puppet.conf sets ca_server and ca
environmentpath = /etc/puppetlabs/code/environments
ca_server = puppetca
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://docs.puppetlabs.com/puppet/latest/reference/config_important_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_about_settings.html
# - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
# - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html
[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
autosign = true
ca = false
#### On the new master, remove the old SSL directory contents and run puppet agent
[root@b3b0d92345fb puppet]# rm -rf ssl/*
[root@b3b0d92345fb puppet]# puppet agent -t --ca_server puppetca --waitforcert 20
Info: Creating a new SSL key for b3b0d92345fb
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for b3b0d92345fb
Info: Certificate Request fingerprint (SHA256): ED:D9:B1:19:6F:B5:33:B4:FF:B0:79:F5:EE:F6:F6:6B:E8:83:2C:13:80:54:DA:80:CB:50:44:4C:77:F4:DE:72
Info: Caching certificate for b3b0d92345fb
#### On the PuppetCA verify the cert exists and is signed
[root@puppetca /]# puppet cert list b3b0d92345fb
+ "b3b0d92345fb" (SHA256) 75:EA:F1:0F:B6:1C:94:70:98:C3:39:2B:A9:30:6E:44:0D:A0:D5:8D:54:B5:96:18:AA:71:66:0B:77:AE:95:9D
#### On the new master, start puppetserver
[root@b3b0d92345fb puppet]# puppetserver foreground &
#### On the new master, try a puppet run against itself
[root@b3b0d92345fb puppet]# puppet agent -t --server b3b0d92345fb --ca_server puppetca
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
Info: Retrieving pluginfacts
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
Error: /File[/opt/puppetlabs/puppet/cache/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
Info: Retrieving plugin
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
Error: /File[/opt/puppetlabs/puppet/cache/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get certificate CRL for /CN=b3b0d92345fb]
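The run above fails on the server side: with certificate revocation checking enabled (Puppet's default), the new master has to consult a CRL when it verifies the connecting agent's certificate, and the error shows it could not obtain one for the agent's CN. Before starting puppetserver on a master with ca = false, it is worth confirming that the full set of SSL files is present and that the host certificate actually verifies against the CA and the CRL. The shell functions below are an added example, not part of the gist; they assume Puppet's default ssldir layout (certs/ca.pem, certs/<certname>.pem, private_keys/<certname>.pem, crl.pem) and an installed openssl binary.

```shell
#!/bin/sh
# Added example (not from the gist): sanity-check the SSL files a Puppet
# master configured with "ca = false" needs before it can verify agents.
# Assumed layout is Puppet's default ssldir: certs/, private_keys/, crl.pem.

# puppet_ssl_layout_check SSLDIR CERTNAME
# Prints each missing or empty file; returns 1 if anything is missing, else 0.
puppet_ssl_layout_check() {
    ssldir=$1
    certname=$2
    missing=0
    for f in \
        "$ssldir/certs/ca.pem" \
        "$ssldir/certs/$certname.pem" \
        "$ssldir/private_keys/$certname.pem" \
        "$ssldir/crl.pem"
    do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f"
            missing=1
        fi
    done
    return $missing
}

# puppet_ssl_chain_check SSLDIR CERTNAME
# Verifies the host certificate against the CA certificate and checks it
# against the CRL, which is the same verification the master performs for
# each connecting agent when revocation checking is on.
puppet_ssl_chain_check() {
    ssldir=$1
    certname=$2
    openssl verify -crl_check \
        -CAfile "$ssldir/certs/ca.pem" \
        -CRLfile "$ssldir/crl.pem" \
        "$ssldir/certs/$certname.pem"
}

# Usage against the paths and certname from the gist (constructed call):
# puppet_ssl_layout_check /etc/puppetlabs/puppet/ssl b3b0d92345fb && \
#     puppet_ssl_chain_check /etc/puppetlabs/puppet/ssl b3b0d92345fb
```

Run the layout check first: a missing crl.pem is exactly the condition that produces the "unable to get certificate CRL" failure, and the chain check will not pass without it either. Once both checks succeed, restart puppetserver and repeat the agent run.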