Puppet Version: 6.4.1
Puppet Server Version: 6.3.0
OS Name/Version: RHEL 7.5
I have an external root ca, and the CRL is published to a known accessible endpoint. Puppet CA cert is signed by my root CA, and I followed the steps to create the files required to import into puppet when I started for the first time. Everything worked as expected until the CRL expiration time on my Root CA.
It would be nice if puppet server could fetch the CRL on its own since it's published to a known and accessible location. Bar that, having an easy way to import the updated CRL which could be scripted would be acceptable.
The puppet master did not fetch the CRL as I expected, and when I run puppet I get the error "Error: Could not run: The CRL issued by 'Name of Root CA here' has expired, verify time is synchronized."
I attempted to manually copy the CRL into crl.pem but that gave error "Error: Could not run: invalid byte sequence in UTF-8"