An upgrade to 2.3.0 does NOT have a problem.
A fresh install does:
dpkg -i puppetlabs-release-pc1-trusty.deb
apt-get install puppetserver
Similar on client, except apt-get install puppet-agent.
First sign of a problem is the puppetserver won't start. You can override this with a server=<FQDN> and it will start.
The output of puppet status should mention version 4.4.0 on the client and 2.3.0 on the server. 4.3.2 and 2.2.0 does not exhibit this issue.
So there's some possibilities:
- this is intentional, so the post-install script in the package should create the cert, or at least a mention in the installation documentation.
- this is a regression, and the puppetserver startup should create a cert if missing.
puppet master --no-daemonize --verbose, then wait for "Notice: Starting Puppet master" then hit control c.
What happens otherwise if new clients can send CSRs, the server can sign said CSRs, but then when a client connects:
Error: Could not request certificate: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [unable to get local issuer certificate for /CN=puppet.foo.com]
Note this happens only on new installs, not upgrades.
My 4.3.2 agent/2.2.0 server setup "just worked", apt-get install on both ends, server would start and I was in business. 2.3.0 server the daemon dies, if I get it to start clients can submit CSRs, but never connect afterwards.
I had someone on #puppet replicate this, and actually the fix is from them.