You get an error message when running a job such as a pipeline deployment in Continuous Delivery for Puppet Enterprise.
Your job’s logs show this error message in Continuous Delivery for PE. This means you have an expired CA certificate in your application settings.
2022-02-22 22:22:22 UTC: Downloading job scripts and control repo from CD4PE. 2022-02-22 22:22:22 UTC: cd4pe_client: requesting get https://cd4pe.example.com/cd4pe/Automation/getJobScriptAndControlRepo?jobInstanceId=1234 with read timeout: 1740 seconds 2022-02-22 22:22:22 UTC: Failed to get https://cd4pe.example.com/cd4pe/Automation/getJobScriptAndControlRepo?jobInstanceId=1234. SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired). 2022-02-22 22:22:22 UTC: Total request time: 0.012345678 seconds
Version and installation information
CD4PE version: 4.x
Replace your expired CA certificate with a new one and redeploy the application in Continuous Delivery for PE.
To check if you have an expired CA certificate, follow these steps:
Log in to the Puppet Application Manager UI at port 8800. Select the Config tab. Under Optional configuration, select View options for certificates. If the Provide my own certs is selected, you have an expired CA certificate in your organization’s certification chain, and it needs to get replaced.
To replace an expired CA certificate, follow these steps:
Under Optional configuration, if Use generated certs is selected:
SSH into the Continuous Delivery for PE/Puppet Application Manager server.
Download the specification files:
/usr/local/bin/kubectl-kots --kubeconfig /etc/kubernetes/admin.conf download -n default --slug cd4pe
issuer_certsparameter value from
./cd4pe/upstream/userdata/config.yaml. It should look like this:
-----END CERTIFICATE----- issuer_certs: value: issuer_key: default: | -----BEGIN RSA PRIVATE KEY-----
Upload the new application
/usr/local/bin/kubectl-kots --kubeconfig /etc/kubernetes/admin.conf upload -n default --slug cd4pe ./cd4pe --deploy
In the Puppet Application Manager UI, go to the Version history tab. Check to make sure the new version is deployed.
If you continue to have issues, please open a Support ticket.