Setting up puppetmaster: hostname does not match the server certificate


Which hostname(s) did the puppetmaster generate its certificate for? The puppet client expects the certificate to be valid for "puppetmaster", but it doesn't seem to be issued for this hostname. I think "puppet" might be the default CN on the puppetmaster, or else the hostname of the server. You can check it by running "openssl x509 -text -in cert.pem" on the certificate of the server, or connect to https://yourpuppetmaster:8140/ with a browser, and see which domains are in the CN and dns_alt_names of the certificate.


EDIT

You have a certificate only for "master", but your client connects to "puppetmaster". So either the client needs to expect "master", or you need a certificate for "puppetmaster" on your master. A "certname=puppetmaster" in the [master] block in puppet.conf will change the CN on the server (http://docs.puppetlabs.com/references/stable/configuration.html#certname). You may need to remove the old certificates, but I am not sure about this. Or, you can have the client connect to "master", either by adding it to /etc/hosts, or to your DNS zone if you're running one.

Author: CppLearner

Updated on September 18, 2022
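The answer above boils the problem down to one check: does the name the agent connects to appear among the names the master's certificate was issued for? The following script, added here as an illustration and not part of the original answer or of Puppet itself, automates that check. It pulls the certificate from port 8140 with the openssl CLI the answer recommends, reads the CN and the DNS subjectAltNames, and applies the rule a TLS client applies: SAN entries decide when present, the CN is only consulted when there are no DNS SANs, and a wildcard covers exactly one leftmost label. The sample openssl output embedded in the file is constructed to mirror the situation in the thread (certificate for "master", agent asking for "puppetmaster"); the function and file names are my own.

```python
"""Check whether a puppetmaster's certificate covers the hostname the agent uses.

Added example, not code from the original answer or from Puppet. The live fetch
shells out to the openssl CLI (`-ext` needs OpenSSL 1.1.1 or newer); parsing and
hostname matching are pure Python and run on captured text as well.
"""
import re
import subprocess
import sys

# Constructed sample of `openssl x509 -noout -subject -ext subjectAltName` output
# for a master whose certificate was issued for "master", with "puppet" as an
# alternative name. It stands in for live output so the logic runs offline.
SAMPLE_OPENSSL_OUTPUT = """\
subject=CN = master
X509v3 Subject Alternative Name: 
    DNS:master, DNS:puppet
"""


def parse_openssl_names(text):
    """Return (cn, [dns_sans]) from openssl -subject / -ext subjectAltName output.

    Handles both the "subject=CN = master" (OpenSSL 1.1+) and the older
    "subject= /CN=master" spelling of the subject line.
    """
    cn_match = re.search(r"CN\s*=\s*([^,/\n]+)", text)
    cn = cn_match.group(1).strip() if cn_match else None
    sans = re.findall(r"DNS:([^,\s]+)", text)
    return cn, sans


def _name_matches(pattern, hostname):
    """Case-insensitive match of one certificate name against a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    # A wildcard is honoured only in the leftmost label and covers exactly one label,
    # so *.example.com matches a.example.com but not b.a.example.com.
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        host_labels = hostname.split(".")
        return len(host_labels) > 1 and ".".join(host_labels[1:]) == pattern[2:]
    return False


def hostname_matches(hostname, cn, sans):
    """Client rule: DNS SANs decide when present; the CN is only a fallback."""
    if sans:
        return any(_name_matches(san, hostname) for san in sans)
    return cn is not None and _name_matches(cn, hostname)


def diagnose(hostname, cn, sans):
    """Human-readable verdict in the terms used by the answer above."""
    names = sans or ([cn] if cn else [])
    listed = ", ".join(names) or "no name at all"
    if hostname_matches(hostname, cn, sans):
        return f"OK: '{hostname}' is covered by the certificate (names: {listed})"
    return (f"MISMATCH: agent connects to '{hostname}' but the certificate is only "
            f"valid for {listed}; set certname/dns_alt_names on the master or point "
            f"the agent at one of those names")


def fetch_cert_names(host, port=8140, timeout=10):
    """Pull the live certificate with openssl s_client and parse its names."""
    s_client = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host],
        input=b"", capture_output=True, timeout=timeout)
    x509 = subprocess.run(
        ["openssl", "x509", "-noout", "-subject", "-ext", "subjectAltName"],
        input=s_client.stdout, capture_output=True, check=True)
    return parse_openssl_names(x509.stdout.decode())


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} <hostname-the-agent-uses> <master-address[:port]>")
        return 2
    expected, target = argv[1], argv[2]
    host, _, port = target.partition(":")
    cn, sans = fetch_cert_names(host, int(port or 8140))
    print(diagnose(expected, cn, sans))
    return 0 if hostname_matches(expected, cn, sans) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python check_master_cert.py puppetmaster master:8140` from the client: a MISMATCH verdict is exactly the condition behind the "certificate verify failed" error in the thread, and the names it lists are the ones the agent may use in `--server` or in /etc/hosts. The script only reads the certificate; it changes nothing on either host.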

Comments

  • CppLearner
    CppLearner almost 2 years

    I am new to setting up Puppet and Puppetmaster... We have puppets set up previously, and a new puppetmaster...


    3rd edit

    After deleting the ssl files on both master(ghive-ldap) and client (giab10)

    The hostname for the master is ghive-ldap, and I have that in the client's hostname.

    On master:

    puppet cert clean ghive-ldap
    puppet cert generate --dns_alt_names ghive-ldap ghive-ldap
    
    
    sudo puppetca --sign giab10
    err: Could not call sign: Could not find certificate request for giab10
    

    so then on the client:

    sudo puppet cert --generate giab10
    notice: giab10 has a waiting certificate request
    notice: Signed certificate request for giab10
    notice: Removing file Puppet::SSL::CertificateRequest giab10 at '/var/lib/puppet/ssl/ca/requests/giab10.pem'
    notice: Removing file Puppet::SSL::CertificateRequest giab10 at '/var/lib/puppet/ssl/certificate_requests/giab10.pem'
    giabadmin@giab10:~$ sudo puppet cert --list --all
    + giab10 (0F:CB:............)
    

    I ran this on the client

    sudo puppetd --test --debug
    .....
    err: Could not retrieve catalog from remote server: getaddrinfo: Name or service not know
    

    Fine... let me try this on the client

    sudo puppet agent --server ghive-ldap --waitforcert 60 --test --verbose
    err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
    warning: Not using cache on failed catalog
    err: Could not retrieve catalog; skipping run
    

    Garrrrr..... I deleted the ssl files and still no luck!! Something must have gone wrong...

    How do I start from the beginning? I didn't get much help from the documentation... Sorry for being a noob. Thanks

    PS: Also, how do you make sure the two servers have time in sync?

  • CppLearner
    CppLearner about 12 years
    Thanks. I've updated my post above. Do they seem to do something weird?
  • arjarj
    arjarj about 12 years
    You're connecting to "puppetmaster", but the puppetmaster only has a certificate it can use for "master".
  • CppLearner
    CppLearner about 12 years
    Thanks. Question... if the hostname for the master is not puppetmaster, should I just go back to /etc/hosts and put the actual hostname there? Will that make more sense? Thanks
  • arjarj
    arjarj about 12 years
    It's a matter of preference I guess. I am usually hesitant to mess with the certificate stuff, so I'd just stick the hostname in /etc/hosts or DNS and be done with it. If you plan on growing to a lot more hosts and want to use the hostname you picked, I'd investigate the certname or dns_alt_names options.
  • CppLearner
    CppLearner about 12 years
    Thanks. Just a quick question... sorry for being a noob. I would like to start the whole certificate over. Where should I begin starting over? I deleted /var/lib/puppets/ssl/ and /etc/puppets/ssl on both master and client... assuming that putting the actual hostname in /etc/hosts will make things smoother
  • arjarj
    arjarj about 12 years
    Clearing /var/lib/puppet/ssl should be sufficient yes. I don't think changing /etc/hosts on the master will be helpful. Changing /etc/hosts would be on the client, to match the hostname you connect to with the certificate of the server. You can change the hostname of the server (often /etc/hostname, after you change it reboot or use the hostname command), or change the name puppet creates the certificate for with the certname option: docs.puppetlabs.com/references/2.7.9/…
  • CppLearner
    CppLearner about 12 years
    Thanks... I edited my post. I would like to ask for guidance on starting over from the beginning.... it seems like I am creating a big mess here. If you can help it would be really great. Thanks in advance.
  • arjarj
    arjarj about 12 years
    Did you check your error on projects.puppetlabs.com/projects/1/wiki/… ? Also, you can sync the time with ntp, just point both servers to a valid ntp server, most likely your distro will come preconfigured with some.