Puppet 4.3.2 client node unable to connect via SSL to Puppet Server

Question

I have just done a clean regeneration of all my Puppet certifications as per the guide in the official docs.

However, I encounter this error with seemingly no good leads on Google, SO, nor anywhere else.

[vagrant@client puppet]$ hostname
client.example.com

[vagrant@client puppet]$ puppet --version
4.3.2

[vagrant@client puppet]$ sudo puppet config print vardir ssldir
vardir = /var/opt/puppetlabs/puppetserver
ssldir = /var/opt/puppetlabs/puppetserver/ssl

[vagrant@client puppet]$ sudo puppet agent --test --server=puppet.example.com
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
Info: Retrieving pluginfacts
Error: /File[/var/opt/puppetlabs/puppetserver/facts.d]: Failed to generate additional resources using 'eval_generate': Connection reset by peer - SSL_connect
Error: /File[/var/opt/puppetlabs/puppetserver/facts.d]: Could not evaluate: Could not retrieve file metadata for puppet:///pluginfacts: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
Info: Retrieving plugin
Error: /File[/var/opt/puppetlabs/puppetserver/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect SYSCALL returned=5 errno=0 state=unknown state
Error: /File[/var/opt/puppetlabs/puppetserver/lib]: Could not evaluate: Could not retrieve file metadata for puppet:///plugins: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
Error: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

This is a similar error, but for general SSL in Ruby, and I'm not sure how to change the cipher for Puppet (don't think it is enabled).

This post seems to suggest it may be Apache's fault, but I don't think I'm using Apache.

Any ideas?

Answer 1

I ran into the same problem.

Check your ssl directory on the agent with the command:

sudo puppet config print ssldir

Your ssl directory is probably not in /etc/puppetlabs/puppet/ssl, but probably under /opt/puppetlabs. Remove your certificate (or the entire catalog) from this directory and then perform another puppet run.