# puppet
s
This message was deleted.
r
thanks
I'm not even expecting any automation. I'm fine with running openssh manually if need be
c
If the Bolt stuff doesn't work, the `extend.sh` script is worth running directly on the Puppet CA host: https://github.com/puppetlabs/ca_extend/blob/main/files/extend.sh That script tries to create a new CA certificate using the same key and doesn't over-write or update anything --- so it should be safe to run even if it doesn't work for some reason. Although, definitely take a backup of `/etc/puppetlabs/puppet/ssl/` as your first action.
r
thank you so much
it seems to hang up on being unable to synchronize the CRL upon server start
nvm
the new stuff wasn't owned puppet:puppet
c
The CA cert doesn't need to be owned by the `puppet` user --- just readable by it.
r
the chown sorted it, but thanks so much for the pointer to the extend.sh script.
@csharpsteen ++
d
csharpsteen gained a level! (Karma: 6)
r
slogging through about 4500 servers scp'ing the new CA everywhere.