I have run into this one at least once before, so I’m annoyed enough with having to google again to write down the problem and solution:

When running puppet agent on one of our nodes, we are greeted with the following (excerpted and sanitized):

Error: Request to https://[host]:[port]/puppet/v3 failed after 0.174 seconds: SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown
Wrapped exception:
SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown
Warning: Unable to fetch my node definition, but the agent run will continue:

What is actually happening? The certname specified in /etc/puppetlabs/puppet/puppet.conf is not the same as the one I am seeing on the puppet master when I do puppetserver ca list --all. I don’t know why. To fix, though, I did the following:

  1. Clean the misnamed cert on the master – puppetserver ca revoke --certname <badcertname>
  2. Clean the related client cert – puppet ssl clean (and possibly sudo rm -fr /etc/puppetlabs/puppet/ssl/* as I had tried that before the aforementioned command)
  3. Run puppet agent on the node
  4. Sign the newly generated cert on the master
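
To confirm the mismatch before revoking anything, the check below (an added example, not part of the original post) compares the certname an agent run would take from puppet.conf with the names in the master's puppetserver ca list --all output. The function names, hostnames and sample data are constructed, and the section headers it parses are an assumption about that command's output layout.

```sh
# Added example. Sample data is constructed; <fingerprint> is a placeholder.

# puppet.conf text on stdin -> the certname an agent run uses.
# [agent] overrides [main]; prints nothing when certname is not set.
conf_certname() {
    awk '
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next }
        /^[ \t]*certname[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            val[section] = $0
        }
        END {
            if ("agent" in val) print val["agent"]
            else if ("main" in val) print val["main"]
        }'
}

# `puppetserver ca list --all` text on stdin -> "<state> <name>" per cert.
# Assumes the section headers used in the sample below.
ca_names() {
    awk '
        /^Requested Certificates:/ { state = "requested"; next }
        /^Signed Certificates:/    { state = "signed"; next }
        /^Revoked Certificates:/   { state = "revoked"; next }
        state != "" && NF > 0      { print state, $1 }'
}

# check_certname CONF_TEXT CA_LIST_TEXT
# Prints "<state> <name>", "missing <name>" or "unset"; returns 0 only when signed.
check_certname() {
    name=$(printf '%s\n' "$1" | conf_certname)
    [ -n "$name" ] || { echo "unset"; return 2; }
    state=$(printf '%s\n' "$2" | ca_names |
        awk -v n="$name" '$2 == n { print $1; exit }')
    [ -n "$state" ] || { echo "missing $name"; return 1; }
    echo "$state $name"
    [ "$state" = "signed" ]
}

SAMPLE_CONF='[main]
certname = web01.example.com
[agent]
server = puppet.example.com'

SAMPLE_CA_LIST='Signed Certificates:
    puppet.example.com      (SHA256)  <fingerprint>
    web01.internal.example  (SHA256)  <fingerprint>'

check_certname "$SAMPLE_CONF" "$SAMPLE_CA_LIST" || true  # master knows the node by another name
```

In real use, pass the node's puppet.conf contents as the first argument and the list output captured on the master as the second. A "missing" or "revoked" result means the name the agent presents is not one the master has signed.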