Puppet error Failed to generate additional resources using ‘eval_generate’ SSL_connect returned=1 / 25 Sep 2015 / Author: Haim Ari

    Estimated read time: 1 minutes

    If you happen to get this error on your puppet agent node, here is a way to solve the issue

    The Error looks like this:

    puppet agent -t
    
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=puppet.hosts-app.com]
    Info: Retrieving plugin
    Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=hostname.example.com]
    Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=hostname.example.com] Could not retrieve file metadata for puppet://puppet/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=hostname.example.com]
    Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=hostname.example.com]
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run
    Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=hostname.example.com]
    

    ####To resolve:

    On master server:
    puppet cert clean hostname.example.com
    
    On client:
    find /var/lib/puppet/ssl -name '*.pem' -exec rm {} \;                                                                                                                           
    puppet agent -t --waitforcert=30 
    

    While the client waits, sign the request on the master server:

    puppet cert sign hostname
    

    or

    puppet cert sign --all
    

    Wait for the client to complete the transaction