9

When trying to run the following command from puppet agent node:

puppet agent --test --verbose

The following error was prompted

Error: certificate verify failed [unable to get local issuer certificate for CN=puppetmaster.example.com]

I have already added FQDN to my hosts in /etc/hosts file.

shubham singh

3 Answers

8

I deleted the SSL folder in the puppet directory and everything worked fine after that.

rm -rf /etc/puppetlabs/puppet/ssl/
puppet agent --test --verbose

You can check your logs using the command

journalctl -u puppet
shubham singh
-1

I went round in circles on this - I was using the standard Ubuntu repo and just installed puppet on my client machines... My docker puppetmaster is running 6.14 but the agent I pulled from standard Ubuntu world was version 5. The below, as I am sure you will know, will add puppetlabs to your repos and then install the up-to-date version 6 agent.

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
sudo dpkg -i puppet6-release-bionic.deb
sudo apt update
sudo apt install puppet-agent

All the answers I have seen to any puppet certificate type errors just say regenerate your certificate and I could find nothing that offered any further help.

I would suggest checking that your server and client versions match, after my experience!

Keith
  • Not my downvote, but I don't see how this addresses the question. Puppet 6 masters can serve Puppet 5 agents, and the error message reported by the OP is anyway not indicative of incompatible master and agent versions. If you had a problem similar to the OP's, and the procedure you describe fixed it, then my conclusion would be that performing the package update had among its effects operations substantially equivalent to those described in the OP's self-answer. – John Bollinger Nov 15 '20 at 19:19
-1

To add to @shubham-singh's answer, on some systems the ssl directory may not be in /etc/puppetlabs/puppet/.

You can run:

sudo find / -name puppet.conf

to find the puppet.conf file, look for the value of the ssldir property in puppet.conf, and then delete/rename the ssl directory and rerun:

puppet agent --test

The rerun may give you an error and ask you to run additional commands on the server and agent to clear the certificate.

Follow the commands and then rerun:

puppet agent --test

and it should work now.

Edit: If you are still having issues, it may be due to different versions of puppet on the server and agent. Check the puppet version using the command below on the master and agent and make sure the versions match.

puppet --version
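
The lookup-and-rename step described in the answer above, as an added example that is not part of the original answers: it reads ssldir from a puppet.conf, with [agent] taking precedence over [main], and moves the directory to a timestamped backup instead of deleting it, so the old keys and CA certificate remain available for comparison. The function names are hypothetical, and it assumes ssldir is set to a literal absolute path, falling back to /etc/puppetlabs/puppet/ssl from the first answer when unset.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes ssldir, when set, is a
# literal absolute path; $vardir-style interpolation is not expanded.

DEFAULT_SSLDIR=/etc/puppetlabs/puppet/ssl   # default path from the first answer

# puppet_ssldir CONF: print the ssldir the agent would use.
# A value in [agent] takes precedence over one in [main].
puppet_ssldir() {
    conf=$1
    for section in agent main; do
        # Limit sed to one section, then capture the value after "ssldir =",
        # dropping trailing whitespace and any "{ owner = ... }" metadata.
        val=$(sed -n "/^[[:space:]]*\[$section]/,/^[[:space:]]*\[/ \
s/^[[:space:]]*ssldir[[:space:]]*=[[:space:]]*\([^{]*[^{[:space:]]\).*/\1/p" \
            "$conf" | head -n 1)
        if [ -n "$val" ]; then printf '%s\n' "$val"; return 0; fi
    done
    printf '%s\n' "$DEFAULT_SSLDIR"
}

# backup_ssldir DIR: rename DIR to DIR.bak.<timestamp> and print the new path.
# Nothing is deleted, so the old keys and CA certificate stay recoverable.
backup_ssldir() {
    dir=$1
    case $dir in
        /?*) ;;   # absolute path that is not "/" itself
        *) echo "refusing: not an absolute path: '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    bak="$dir.bak.$(date +%Y%m%d%H%M%S)"
    [ ! -e "$bak" ] || { echo "backup already exists: $bak" >&2; return 1; }
    mv -- "$dir" "$bak" && printf '%s\n' "$bak"
}

# Usage on the agent (as root), followed by the rerun from the answer:
#   backup_ssldir "$(puppet_ssldir /path/to/puppet.conf)"
#   puppet agent --test
```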