Puppet error : Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Topic Tools

If you are getting the below error while configuring and running manifests in new Puppet agent

Puppet error : Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed:

One of the possible Resolution : This error will come if the IP/hostname is wrong/incorrect in puppet.conf of agent server

Please check the puppet.conf inside the puppet agent server and write the correct entry.

Thanks Johny for asking the question “How did i figure out the error”

This error “Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed” is an generic error which denotes that agent is not able to contact Puppet master server, there are mulitple scenarios which could lead to this error, such are:

  • Wrong hostname/IP/DNS of puppet server in puppet.conf Or in /etc/hosts – For this issue follow the above solution
  • Existing puppet process is running Or the agent was previously pointed to Different puppet master – For this issue first kill the existing process and remove the old ssl certificates and reconfigure puppet agent.
  • SSL certificate updated with wrong inputs of puppet master – For this issue follow the above mentioned solution
  • NTP setting is incorrect. i.e. different time set for Puppet agent and Puppet master – Make sure both the servers and client are running in same timezone, you can modify the ntp settings

Happy learning …

4 comments… add one

  • Johny Jackson

    Thanks but how did you find out the root cause ?

    • Thanks Johny for your feedback. I have just modified the article to answer your question.

  • abghosh

    I have tried multiple option but didn’t came to the resolutiion, if someone could help with this.

    puppet agent -t
    Warning: Unable to fetch my node definition, but the agent run will continue:
    Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: fclppupmstr01.usa.tribune.com]
    Info: Retrieving plugin
    Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using ‘eval_generate’: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [self signed certificate in certificate chain for /CN=Puppet CA: fclppupmstr01.usa.tribune.com]
    Info: Loading facts
    Info: Loading facts
    10.173.68.23value:
    package TWeagent is not installed
    Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: []
    Warning: Not using cache on failed catalog
    Error: Could not retrieve catalog; skipping run

    • Hi abghosh,

      Thanks for your query.

      Please suggest the following :
      – Is it a new server where you are configuring agent or previously you had puppet agent (may be for this or another puppet server) ?
      – Did you try the solutions for above mentioned scenarios ?
      – Are the servers (master and agent) on same network and follows same timezone ?
      – Did you try to remove the ssl directory (find out ssl directory by “puppet agent –configprint ssldir”) (also other ssl directories in /var/puupet /opt/puppet , etc) and clean the certificate from master (by puppet cert clean ) and then regenerates the certificate again ?
      – Did you try to increase the default wait for certificate in agent (by puppet agent –waitforcert=120 –test) ?

      Please let me know if the above approach will help you to resolve the issue else I will look into the problem once you post the answer

Leave a Comment