Ctrl+K

How to renew an agent certificate#

Intended audience

sysadm members

Check the certificate expiration dates#

On the puppet master (pergamon):

root@pergamon:~# cd /var/lib/puppet/ssl/ca/signed
root@pergamon:/var/lib/puppet/ssl/ca/signed# openssl x509 -text -in beaubourg.softwareheritage.org.pem | grep -i 'not after'
        Not After : Oct 29 18:37:49 2022 GMT

Check the certificate statuses#

On the puppet master (pergamon):

root@pergamon:~# puppet cert list --all 2>/dev/null | grep expired
- "beaubourg.softwareheritage.org"                                (SHA256) 24:50:2E:7F:8B:B0:C7:...:D9:AB:5A:45:46:4D:17:51 (certificate has expired)
...

worker3 certificate is ok, beaubourg certificate is expired

Renew an agent certificate#

On the puppet master (pergamon):

  • Revoke and delete the old certificate

root@pergamon:~# puppet cert clean beaubourg.softwareheritage.org 2>/dev/null
Notice: Revoked certificate with serial 49
Notice: Removing file Puppet::SSL::Certificate beaubourg.softwareheritage.org at '/var/lib/puppet/ssl/ca/signed/beaubourg.softwareheritage.org.pem'
Notice: Removing file Puppet::SSL::Certificate beaubourg.softwareheritage.org at '/var/lib/puppet/ssl/certs/beaubourg.softwareheritage.org.pem'

On the agent (beaubourg for this example), delete the old certificate and generate a new one:

root@beaubourg:~# rm -r /var/lib/puppet/ssl
root@beaubourg:/var/lib/puppet# puppet agent --test
Info: Creating a new SSL key for beaubourg.softwareheritage.org
Info: Caching certificate for ca
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for beaubourg.softwareheritage.org
Info: Certificate Request fingerprint (SHA256): F5:C9:99:0B:...:62:E9:4F:1B
Info: Caching certificate for beaubourg.softwareheritage.org
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for ca
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for beaubourg.softwareheritage.org
Info: Applying configuration version '1638980028'
...
On this page
Edit
Show Source