puppet 8.1.0-universal-darwin → 8.3.0-universal-darwin

data/lib/puppet/util/package/version/rpm.rb

@@ -19,7 +19,7 @@ module Puppet::Util::Package::Version
     end
 
     def to_s
-      version_found = String.new
+      version_found = ''.dup
       version_found += "#{@epoch}:"   if @epoch
       version_found += @version
       version_found += "-#{@release}" if @release

data/lib/puppet/util/provider_features.rb

@@ -76,7 +76,7 @@ module Puppet::Util::ProviderFeatures
 
   # @return [String] Returns a string with documentation covering all features.
   def featuredocs
-    str = String.new
+    str = ''.dup
     @features ||= {}
     return nil if @features.empty?
     names = @features.keys.sort_by(&:to_s)

data/lib/puppet/util/selinux.rb

@@ -227,7 +227,7 @@ module Puppet::Util::SELinux
 
   # Internal helper function to read and parse /proc/mounts
   def read_mounts
-    mounts = String.new
+    mounts = ''.dup
     begin
       if File.method_defined? "read_nonblock"
         # If possible we use read_nonblock in a loop rather than read to work-

data/lib/puppet/util/windows/access_control_entry.rb

@@ -61,7 +61,7 @@ class Puppet::Util::Windows::AccessControlEntry
   end
 
   def inspect
-    inheritance = String.new
+    inheritance = ''.dup
     inheritance << '(I)' if inherited?
     inheritance << '(OI)' if object_inherit?
     inheritance << '(CI)' if container_inherit?

data/lib/puppet/util/windows/access_control_list.rb

@@ -98,7 +98,7 @@ class Puppet::Util::Windows::AccessControlList
   end
 
   def inspect
-    str = String.new
+    str = ''.dup
     @aces.each do |ace|
       str << "  #{ace.inspect}\n"
     end

data/lib/puppet/util/windows/adsi.rb

@@ -176,6 +176,13 @@ module Puppet::Util::Windows::ADSI
         sids = []
         adsi_child_collection.each do |m|
           sids << Puppet::Util::Windows::SID.ads_to_principal(m)
+        rescue Puppet::Util::Windows::Error => e
+          case e.code
+          when Puppet::Util::Windows::SID::ERROR_TRUSTED_RELATIONSHIP_FAILURE, Puppet::Util::Windows::SID::ERROR_TRUSTED_DOMAIN_FAILURE
+            sids << Puppet::Util::Windows::SID.unresolved_principal(m.name, m.sid)
+          else
+            raise e
+          end
         end
 
         sids
@@ -488,7 +495,7 @@ module Puppet::Util::Windows::ADSI
     # UNLEN from lmcons.h - https://stackoverflow.com/a/2155176
     MAX_USERNAME_LENGTH = 256
     def self.current_user_name
-      user_name = String.new
+      user_name = ''.dup
       max_length = MAX_USERNAME_LENGTH + 1 # NULL terminated
       FFI::MemoryPointer.new(max_length * 2) do |buffer| # wide string
         FFI::MemoryPointer.new(:dword, 1) do |buffer_size|
@@ -520,7 +527,7 @@ module Puppet::Util::Windows::ADSI
     NameSurname           = 14
 
     def self.current_user_name_with_format(format)
-      user_name = String.new
+      user_name = ''.dup
       max_length = 1024
 
       FFI::MemoryPointer.new(:lpwstr, max_length * 2 + 1) do |buffer|

data/lib/puppet/util/windows/error.rb

@@ -32,7 +32,7 @@ class Puppet::Util::Windows::Error < Puppet::Error
             FORMAT_MESSAGE_ARGUMENT_ARRAY |
             FORMAT_MESSAGE_IGNORE_INSERTS |
             FORMAT_MESSAGE_MAX_WIDTH_MASK
-    error_string = String.new
+    error_string = ''.dup
 
     # this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
     FFI::MemoryPointer.new(:pointer, 1) do |buffer_ptr|

data/lib/puppet/util/windows/file.rb

@@ -245,7 +245,7 @@ module Puppet::Util::Windows::File
   module_function :readlink
 
   def get_long_pathname(path)
-    converted = String.new
+    converted = ''.dup
     FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
       # includes terminating NULL
       buffer_size = GetLongPathNameW(path_ptr, FFI::Pointer::NULL, 0)
@@ -263,7 +263,7 @@ module Puppet::Util::Windows::File
   module_function :get_long_pathname
 
   def get_short_pathname(path)
-    converted = String.new
+    converted = ''.dup
     FFI::Pointer.from_string_to_wide_string(path) do |path_ptr|
       # includes terminating NULL
       buffer_size = GetShortPathNameW(path_ptr, FFI::Pointer::NULL, 0)

data/lib/puppet/util/windows/process.rb

@@ -121,7 +121,7 @@ module Puppet::Util::Windows::Process
   module_function :with_process_token
 
   def get_process_image_name_by_pid(pid)
-    image_name = String.new
+    image_name = ''.dup
 
     Puppet::Util::Windows::Security.with_privilege(Puppet::Util::Windows::Security::SE_DEBUG_NAME) do
       open_process(PROCESS_QUERY_INFORMATION, false, pid) do |phandle|

data/lib/puppet/util/windows/sid.rb

@@ -7,8 +7,10 @@ module Puppet::Util::Windows
     extend FFI::Library
 
     # missing from Windows::Error
-    ERROR_NONE_MAPPED           = 1332
-    ERROR_INVALID_SID_STRUCTURE = 1337
+    ERROR_NONE_MAPPED                  = 1332
+    ERROR_INVALID_SID_STRUCTURE        = 1337
+    ERROR_TRUSTED_DOMAIN_FAILURE       = 1788
+    ERROR_TRUSTED_RELATIONSHIP_FAILURE = 1789
 
     # Well Known SIDs
     Null                        = 'S-1-0'

data/lib/puppet/util.rb

@@ -409,8 +409,7 @@ module Util
   def uri_encode(path, opts = { :allow_fragment => false })
     raise ArgumentError.new(_('path may not be nil')) if path.nil?
 
-    # ensure string starts as UTF-8 for the sake of Ruby 1.9.3
-    encoded = String.new.encode!(Encoding::UTF_8)
+    encoded = ''.dup
 
     # parse uri into named matches, then reassemble properly encoded
     parts = path.match(RFC_3986_URI_REGEX)
@@ -454,7 +453,7 @@ module Util
 
   def rfc2396_escape(str)
     str.gsub(UNSAFE) do |match|
-      tmp = String.new
+      tmp = ''.dup
       match.each_byte do |uc|
         tmp << sprintf('%%%02X', uc)
       end

data/lib/puppet/version.rb

@@ -7,7 +7,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '8.1.0'
+  PUPPETVERSION = '8.3.0'
 
   ##
   # version is a public API method intended to always provide a fast and

data/lib/puppet/x509/cert_provider.rb

@@ -311,6 +311,13 @@ class Puppet::X509::CertProvider
       options[:extension_requests] = csr_attributes.extension_requests
     end
 
+    # Adds auto-renew attribute to CSR if the agent supports auto-renewal of
+    # certificates
+    if Puppet[:hostcert_renewal_interval] && Puppet[:hostcert_renewal_interval] > 0
+      options[:csr_attributes] ||= {}
+      options[:csr_attributes].merge!({'1.3.6.1.4.1.34380.1.3.2' => 'true'})
+    end
+
     csr = Puppet::SSL::CertificateRequest.new(name)
     csr.generate(private_key, options)
   end
@@ -369,13 +376,17 @@ class Puppet::X509::CertProvider
     OpenSSL::X509::Request.new(pem)
   end
 
-  private
-
+  # Return the path to the cert related object (key, CSR, cert, etc).
+  #
+  # @param base [String] base directory
+  # @param name [String] the name associated with the cert related object
   def to_path(base, name)
     raise _("Certname %{name} must not contain unprintable or non-ASCII characters") % { name: name.inspect } unless name =~ VALID_CERTNAME
     File.join(base, "#{name.downcase}.pem")
   end
 
+  private
+
   def permissions_for_setting(name)
     setting = Puppet.settings.setting(name)
     perm = { mode: setting.mode.to_i(8) }

data/locales/puppet.pot

@@ -6,11 +6,11 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: Puppet automation framework 8.0.1-21-gfe0e6b5ed8\n"
+"Project-Id-Version: Puppet automation framework 8.2.0-29-g809d465a09\n"
 "\n"
 "Report-Msgid-Bugs-To: https://tickets.puppetlabs.com\n"
-"POT-Creation-Date: 2023-06-06 21:41+0000\n"
-"PO-Revision-Date: 2023-06-06 21:41+0000\n"
+"POT-Creation-Date: 2023-09-21 23:07+0000\n"
+"PO-Revision-Date: 2023-09-21 23:07+0000\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -68,7 +68,7 @@ msgstr ""
 msgid "Another puppet instance is already running; --waitforlock flag used, waiting for running instance to finish."
 msgstr ""
 
-#: ../lib/puppet/agent.rb:101 ../lib/puppet/ssl/state_machine.rb:363 ../lib/puppet/ssl/state_machine.rb:394
+#: ../lib/puppet/agent.rb:101 ../lib/puppet/ssl/state_machine.rb:414 ../lib/puppet/ssl/state_machine.rb:445
 msgid "Will try again in %{time} seconds."
 msgstr ""
 
@@ -442,62 +442,70 @@ msgstr ""
 msgid "Manage SSL keys and certificates for puppet SSL clients"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:107
+#: ../lib/puppet/application/ssl.rb:112
 msgid "An action must be specified."
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:131 ../lib/puppet/application/ssl.rb:138
+#: ../lib/puppet/application/ssl.rb:136 ../lib/puppet/application/ssl.rb:143
 msgid "The certificate for '%{name}' has not yet been signed"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:149
+#: ../lib/puppet/application/ssl.rb:156
 msgid "Completed SSL initialization"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:153
+#: ../lib/puppet/application/ssl.rb:160
 msgid "Unknown action '%{action}'"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:167 ../lib/puppet/ssl/state_machine.rb:264
-msgid "Creating a new EC SSL key for %{name} using curve %{curve}"
+#: ../lib/puppet/application/ssl.rb:181
+msgid "Submitted certificate request for '%{name}' to %{url}"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:170
-msgid "Creating a new SSL key for %{name}"
+#: ../lib/puppet/application/ssl.rb:184
+msgid "Could not submit certificate request for '%{name}' to %{url} due to a conflict on the server"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:180
-msgid "Submitted certificate request for '%{name}' to %{url}"
+#: ../lib/puppet/application/ssl.rb:186 ../lib/puppet/application/ssl.rb:189
+msgid "Failed to submit certificate request: %{message}"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:183
-msgid "Could not submit certificate request for '%{name}' to %{url} due to a conflict on the server"
+#: ../lib/puppet/application/ssl.rb:201
+msgid "Generated certificate request in '%{path}'"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:185 ../lib/puppet/application/ssl.rb:188
-msgid "Failed to submit certificate request: %{message}"
+#: ../lib/puppet/application/ssl.rb:203
+msgid "Failed to generate certificate request: %{message}"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:196
+#: ../lib/puppet/application/ssl.rb:211
 msgid "Downloading certificate '%{name}' from %{url}"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:200
+#: ../lib/puppet/application/ssl.rb:215
 msgid "Downloaded certificate '%{name}' with fingerprint %{fingerprint}"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:213 ../lib/puppet/application/ssl.rb:216
+#: ../lib/puppet/application/ssl.rb:228 ../lib/puppet/application/ssl.rb:231
 msgid "Failed to download certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:245 ../lib/puppet/application/ssl.rb:248
+#: ../lib/puppet/application/ssl.rb:260 ../lib/puppet/application/ssl.rb:263
 msgid "Failed to connect to the CA to determine if certificate %{certname} has been cleaned"
 msgstr ""
 
-#: ../lib/puppet/application/ssl.rb:275
+#: ../lib/puppet/application/ssl.rb:290
 msgid "Removed %{label} %{path}"
 msgstr ""
 
+#: ../lib/puppet/application/ssl.rb:307 ../lib/puppet/ssl/state_machine.rb:273
+msgid "Creating a new EC SSL key for %{name} using curve %{curve}"
+msgstr ""
+
+#: ../lib/puppet/application/ssl.rb:310
+msgid "Creating a new SSL key for %{name}"
+msgstr ""
+
 #: ../lib/puppet/configurer.rb:22
 msgid "Puppet configuration client"
 msgstr ""
@@ -736,39 +744,39 @@ msgstr ""
 msgid "a data type can only have one implementation"
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:173
+#: ../lib/puppet/defaults.rb:169
 msgid "Cannot disable unrecognized warning types '%{invalid}'."
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:174
+#: ../lib/puppet/defaults.rb:170
 msgid "Valid values are '%{values}'."
 msgstr ""
 
 #. TRANSLATORS 'data_binding_terminus' is a setting and should not be translated
-#: ../lib/puppet/defaults.rb:565
+#: ../lib/puppet/defaults.rb:561
 msgid "Setting 'data_binding_terminus' is deprecated."
 msgstr ""
 
 #. TRANSLATORS 'hiera' should not be translated
-#: ../lib/puppet/defaults.rb:567
+#: ../lib/puppet/defaults.rb:563
 msgid "Convert custom terminus to hiera 5 API."
 msgstr ""
 
 #. TRANSLATORS 'environment_data_provider' is a setting and should not be translated
-#: ../lib/puppet/defaults.rb:761
+#: ../lib/puppet/defaults.rb:757
 msgid "Setting 'environment_data_provider' is deprecated."
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:852
+#: ../lib/puppet/defaults.rb:848
 msgid "Certificate names must be lower case"
 msgstr ""
 
-#: ../lib/puppet/defaults.rb:1111 ../lib/puppet/settings/enum_setting.rb:14 ../lib/puppet/settings/symbolic_enum_setting.rb:15
+#: ../lib/puppet/defaults.rb:1107 ../lib/puppet/settings/enum_setting.rb:14 ../lib/puppet/settings/symbolic_enum_setting.rb:15
 msgid "Invalid value '%{value}' for parameter %{name}. Allowed values are '%{allowed_values}'"
 msgstr ""
 
 #. TRANSLATORS 'pluginsync' is a setting and should not be translated
-#: ../lib/puppet/defaults.rb:2029
+#: ../lib/puppet/defaults.rb:2041
 msgid "Setting 'pluginsync' is deprecated."
 msgstr ""
 
@@ -1752,7 +1760,7 @@ msgstr ""
 msgid "Timeout waiting for exclusive lock on %{path}"
 msgstr ""
 
-#: ../lib/puppet/file_system/jruby.rb:19 ../lib/puppet/file_system/windows.rb:128 ../lib/puppet/util.rb:672
+#: ../lib/puppet/file_system/jruby.rb:19 ../lib/puppet/file_system/windows.rb:128 ../lib/puppet/util.rb:671
 msgid "Is a directory: %{directory}"
 msgstr ""
 
@@ -2226,11 +2234,11 @@ msgstr ""
 msgid "Run `puppet agent -t`"
 msgstr ""
 
-#: ../lib/puppet/http/client.rb:388
+#: ../lib/puppet/http/client.rb:390
 msgid "Sleeping for %{interval} seconds before retrying the request"
 msgstr ""
 
-#: ../lib/puppet/http/client.rb:438
+#: ../lib/puppet/http/client.rb:445
 msgid "HTTP REST queries cannot handle values of type '%{klass}'"
 msgstr ""
 
@@ -2274,6 +2282,10 @@ msgstr ""
 msgid "No content type in http response; cannot parse"
 msgstr ""
 
+#: ../lib/puppet/http/service/ca.rb:126
+msgid "SSL context must contain a client certificate."
+msgstr ""
+
 #: ../lib/puppet/indirector.rb:26
 msgid "Indirection %{indirection_name} does not exist"
 msgstr ""
@@ -3883,7 +3895,7 @@ msgstr ""
 msgid "The 'disable_per_environment_manifest' setting is true, and the '%{env_name}' environment has an environment.conf manifest that conflicts with the 'default_manifest' setting."
 msgstr ""
 
-#: ../lib/puppet/node/environment.rb:613 ../lib/puppet/pops/loaders.rb:306
+#: ../lib/puppet/node/environment.rb:615 ../lib/puppet/pops/loaders.rb:306
 msgid "Could not parse for environment %{env}: %{detail}"
 msgstr ""
 
@@ -7331,7 +7343,7 @@ msgstr ""
 msgid "%{name} has not declared what class it wraps"
 msgstr ""
 
-#: ../lib/puppet/ssl/base.rb:32 ../lib/puppet/x509/cert_provider.rb:375
+#: ../lib/puppet/ssl/base.rb:32 ../lib/puppet/x509/cert_provider.rb:384
 msgid "Certname %{name} must not contain unprintable or non-ASCII characters"
 msgstr ""
 
@@ -7431,23 +7443,23 @@ msgstr ""
 msgid "Server hostname '%{host}' did not match server certificate; %{expected_certnames}"
 msgstr ""
 
-#: ../lib/puppet/ssl/oids.rb:113
+#: ../lib/puppet/ssl/oids.rb:115
 msgid "Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': %{err}"
 msgstr ""
 
-#: ../lib/puppet/ssl/oids.rb:117
+#: ../lib/puppet/ssl/oids.rb:119
 msgid "Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': no such index '%{map_key}'"
 msgstr ""
 
-#: ../lib/puppet/ssl/oids.rb:121
+#: ../lib/puppet/ssl/oids.rb:123
 msgid "Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': data under index '%{map_key}' must be a Hash"
 msgstr ""
 
-#: ../lib/puppet/ssl/oids.rb:128
+#: ../lib/puppet/ssl/oids.rb:130
 msgid "Error loading ssl custom OIDs mapping file from '%{custom_oid_file}': incomplete definition of oid '%{oid}'"
 msgstr ""
 
-#: ../lib/puppet/ssl/oids.rb:160
+#: ../lib/puppet/ssl/oids.rb:162
 msgid "Error registering ssl custom OIDs mapping from file '%{custom_oid_file}': %{err}"
 msgstr ""
 
@@ -7543,31 +7555,31 @@ msgstr ""
 msgid "Certificate '%{subject}' failed verification (%{err}): %{err_utf8}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:77
+#: ../lib/puppet/ssl/state_machine.rb:74
 msgid "Verified CA bundle with digest (%{digest_type}) %{actual_digest}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:80
+#: ../lib/puppet/ssl/state_machine.rb:77
 msgid "CA bundle with digest (%{digest_type}) %{actual_digest} did not match expected digest %{expected_digest}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:96
+#: ../lib/puppet/ssl/state_machine.rb:93
 msgid "CA certificate is missing from the server"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:98
+#: ../lib/puppet/ssl/state_machine.rb:95
 msgid "Could not download CA certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:114
+#: ../lib/puppet/ssl/state_machine.rb:111
 msgid "Refreshing CA certificate"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:120
+#: ../lib/puppet/ssl/state_machine.rb:122
 msgid "CA certificate is unmodified, using existing CA certificate"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:122 ../lib/puppet/ssl/state_machine.rb:128
+#: ../lib/puppet/ssl/state_machine.rb:124 ../lib/puppet/ssl/state_machine.rb:130
 msgid "Failed to refresh CA certificate, using existing CA certificate: %{message}"
 msgstr ""
 
@@ -7583,71 +7595,91 @@ msgstr ""
 msgid "Refreshing CRL"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:215
+#: ../lib/puppet/ssl/state_machine.rb:220
 msgid "CRL is unmodified, using existing CRL"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:217 ../lib/puppet/ssl/state_machine.rb:223
+#: ../lib/puppet/ssl/state_machine.rb:222 ../lib/puppet/ssl/state_machine.rb:228
 msgid "Failed to refresh CRL, using existing CRL: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:250
+#: ../lib/puppet/ssl/state_machine.rb:255
 msgid "Loading/generating private key"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:267
+#: ../lib/puppet/ssl/state_machine.rb:276
 msgid "Creating a new RSA SSL key for %{name}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:297
+#: ../lib/puppet/ssl/state_machine.rb:315
 msgid "Generating and submitting a CSR"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:308
+#: ../lib/puppet/ssl/state_machine.rb:326
 msgid "Failed to submit the CSR, HTTP response was %{code}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:317
+#: ../lib/puppet/ssl/state_machine.rb:335
 msgid "Downloading client certificate"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:323
+#: ../lib/puppet/ssl/state_machine.rb:341
 msgid "Downloaded certificate for %{name} from %{url}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:334
+#: ../lib/puppet/ssl/state_machine.rb:352
 msgid "Failed to parse certificate: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:337
+#: ../lib/puppet/ssl/state_machine.rb:355
 msgid "Certificate for %{certname} has not been signed yet"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:338
+#: ../lib/puppet/ssl/state_machine.rb:356
 msgid "Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name})."
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:341
+#: ../lib/puppet/ssl/state_machine.rb:359
 msgid "Failed to retrieve certificate for %{certname}: %{message}"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:357
+#: ../lib/puppet/ssl/state_machine.rb:369
+msgid "Renewing client certificate"
+msgstr ""
+
+#: ../lib/puppet/ssl/state_machine.rb:382
+msgid "Renewed client certificate: %{cert_digest}, not before '%{not_before}', not after '%{not_after}'"
+msgstr ""
+
+#: ../lib/puppet/ssl/state_machine.rb:387
+msgid "Certificate autorenewal has not been enabled on the server."
+msgstr ""
+
+#: ../lib/puppet/ssl/state_machine.rb:389
+msgid "Failed to automatically renew certificate: %{code} %{reason}"
+msgstr ""
+
+#: ../lib/puppet/ssl/state_machine.rb:393
+msgid "Unable to automatically renew certificate: %{message}"
+msgstr ""
+
+#: ../lib/puppet/ssl/state_machine.rb:408
 msgid "Exiting now because the waitforcert setting is set to 0."
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:360
+#: ../lib/puppet/ssl/state_machine.rb:411
 msgid "Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}). Exiting now because the maxwaitforcert timeout has been exceeded."
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:389
+#: ../lib/puppet/ssl/state_machine.rb:440
 msgid "Another puppet instance is already running and the waitforlock setting is set to 0; exiting"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:391
+#: ../lib/puppet/ssl/state_machine.rb:442
 msgid "Another puppet instance is already running and the maxwaitforlock timeout has been exceeded; exiting"
 msgstr ""
 
-#: ../lib/puppet/ssl/state_machine.rb:393
+#: ../lib/puppet/ssl/state_machine.rb:444
 msgid "Another puppet instance is already running; waiting for it to finish"
 msgstr ""
 
@@ -8444,11 +8476,11 @@ msgstr ""
 msgid "path may not be nil"
 msgstr ""
 
-#: ../lib/puppet/util.rb:587
+#: ../lib/puppet/util.rb:586
 msgid "replace_file requires a block"
 msgstr ""
 
-#: ../lib/puppet/util.rb:591
+#: ../lib/puppet/util.rb:590
 msgid "replace_file default_mode: %{default_mode} is invalid"
 msgstr ""
 
@@ -8733,19 +8765,19 @@ msgstr ""
 msgid "Working directory %{cwd} does not exist!"
 msgstr ""
 
-#: ../lib/puppet/util/execution.rb:278
+#: ../lib/puppet/util/execution.rb:283
 msgid "Could not get output"
 msgstr ""
 
-#: ../lib/puppet/util/execution.rb:287
+#: ../lib/puppet/util/execution.rb:292
 msgid "Execution of '%{str}' returned %{exit_status}: %{output}"
 msgstr ""
 
-#: ../lib/puppet/util/execution.rb:364
+#: ../lib/puppet/util/execution.rb:369
 msgid "Could not execute posix command: %{detail}"
 msgstr ""
 
-#: ../lib/puppet/util/execution.rb:412
+#: ../lib/puppet/util/execution.rb:417
 msgid "Waiting for output; will sleep %{time_to_sleep} seconds"
 msgstr ""
 
@@ -9693,14 +9725,14 @@ msgstr ""
 msgid "Failed to load client certificate for '%{name}'"
 msgstr ""
 
-#: ../lib/puppet/x509/cert_provider.rb:329
+#: ../lib/puppet/x509/cert_provider.rb:336
 msgid "Failed to save certificate request for '%{name}'"
 msgstr ""
 
-#: ../lib/puppet/x509/cert_provider.rb:345
+#: ../lib/puppet/x509/cert_provider.rb:352
 msgid "Failed to load certificate request for '%{name}'"
 msgstr ""
 
-#: ../lib/puppet/x509/cert_provider.rb:358
+#: ../lib/puppet/x509/cert_provider.rb:365
 msgid "Failed to delete certificate request for '%{name}'"
 msgstr ""