I am configuring Puppet Server on Ubuntu. I have followed the documentation on setting up puppet server, including running puppetserver ca setup before starting the puppetserver service. When I send a certificate request from my agent machine and attempt to list this request on my server, I receive the following error:
admin@puppetserver:~$ puppetserver ca list
Fatal error when running action 'list'
Error: Failed connecting to https://puppet:8140/puppet-ca/v1/certificate_statuses/any_key?state=requested
Root cause: SSL_connect returned=1 errno=0 peeraddr=###.###.###.###:8140 state=error: certificate verify failed (unable to get local issuer certificate)
The peeraddr value has been partially redacted. It is the local address of the machine running puppet server, on which I ran the above command.
I have attempted clearing and recreating the SSL certificates and performed multiple system reboots on my server and agent devices. Any advice would be welcome. Please ask for further clarifications if needed :)
For my case, I followed the steps on this page under 'Regenerate the CA and all certificates': https://www.puppet.com/docs/puppet/7/ssl_regenerate_certificates.html#regenerate_ca_and_all_certificates
Server
sudo puppet resource service puppetserver ensure=stoppedsudo rm -r /etc/puppetlabs/puppet/sslsudo puppetserver ca setupAgent
sudo puppet resource service puppet ensure=stoppedLocate the SSL directory for the puppet agent:
puppet config print ssldir --section agentDelete the directory found above
Restart the stopped service, then send a request to the CA to sign a certificate and sign as normal.