Puppet: "Error: Could not request certificate: stack level too deep"

This is going to be a stub, because I have no idea what the cause is., The “Error: Could not request certificate: stack level too deep” message when running puppet has been such a pain in the rear end that I need to document it. I’m a firm believer that just the act of documenting a fix ensures that the problem will never arise again. Here’s hoping.


$ puppet agent -tv
Info: Not using expired certificate for ca from cache; expired at Tue May 20 00:16:15 UTC 2014 Error: Could not request certificate: stack level too deep Exiting; failed to retrieve certificate and waitforcert is disabled

Sounds like an expired CA cert, but replacing it didn’t fix it. All the posts online with this error talk about a three-year-old activerecord bug, so that’s not valid either.  Having no Google-fu solutions, I did the following:

Update 2018-11-13:

A comment by otheus below drew my attention back to this post now years later.  His suggestion is likely a better one:

DONT remove /var/lib/puppet/ssl on the client. no! simply do:

rm -f /var/lib/puppet/ssl/certs/ca.pem

Renew the server-side cert and then re-run puppet agent on the local host.

*** Original Content Follows ***

Resolution (perhaps – again, I am unsure. Cargo Cult fix incoming):

On the puppet node:

$ rm -rf /var/lib/puppet/ssl

…and because we’re doing something weird at $WORK:

$ rm -rf /etc/puppet/ssl
$ puppet agent -t # Regenerates the SSL certificates for the agent

On the puppet master:

$ puppet cert sign # Signs the new node certificate

…and that fixed the node, somehow. It’s got to be SSL related, but who knows how it got into that state, or why updating the CA cert didn’t fix it.