Error: Could not run: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

Question

I am trying to copy a current Puppet Master server on one domain and move it to another. Im finding that its very hard to try to change all the config remanence. Is there an easy way to do this, or a step by step best practice? I have grepped most of the old fqdn name and changed it to the new one, yet when I delete all certs, and re-issue new ones on the master, it wants to keep pulling a cert for the old FQDN.

Edit 1: I have resolved many of the issues I was previously getting. However I can not get past this SSL issue for the life of me.

[root@puppet lib]# puppet resource service apache2 ensure=running
Error: Could not run: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [unable to get local issuer certificate for /CN=puppet.foundry.test]

I have attempted to completely purge all certs from the master, using this link, and then regenerate all. But I still keep getting the same errors:

Error: Could not run: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read finished A

Now Im not sure if I am having puppet SSL issues, or SSL issues in general.

Answer 1

Most likely you're connecting to a wrong server (default is hostname puppet).

Check your agent's config, you're mostly interested in server variable

puppet config print --section agent | grep "server = "

Also it's good to know where is puppet agent looking for its config:

$ puppet config print --section agent | grep "^config = "
config = /etc/puppetlabs/puppet/puppet.conf

Edit your config, set correct puppet master:

[agent]
server=puppet4.example.com

Just for sure, you can clean your cerfificate (on agent):

find /etc/puppetlabs/puppet/ssl -name $(hostname -f).pem -delete

on puppet server:

puppet cert clean {broken hostname}

And finally run puppet agent -t