ERF12-7740¶

Generic or SSL connection errors¶

Please see Proxy_communication_errors first for SSL or communication errors, which aren't specific to this particular proxy action.

Unable to delete PuppetCA certificate for ...¶

Foreman will be contacting the smart proxy (responsible for Puppet CA management on that host) to request that the old certificate for the host is deleted.

Check /var/log/foreman-proxy/proxy.log on your Puppet CA server for any errors.

Failed to run puppetca: [sudo] password for foreman-proxy¶

The proxy is trying to run a Puppet command to delete the certificate via sudo, but the sudoers rules aren't allowing it to do so without a password - suggesting the rules aren't right (they vary for Puppet 2 versus 3) or are missing.

See http://theforeman.org/manuals/latest/index.html#4.3.2SmartProxySettings, scroll down a little for the Puppet CA configuration and the sudoers rules are listed. These should be in /etc/sudoers.d/foreman-proxy and the file should have -r--r----- (0440) permissions.

Note that if you've upgraded from Puppet 2 to 3, the rule needs changing to /usr/bin/puppet cert * (you should also read FAQ for other changes, or re-run the installer).