PuppetDB:连接被拒绝


I am trying to get PuppetDB running on my puppetmaster machine. The problem is that when I run the agent I always get the following message:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for handsoff.dc0.testing.de to PuppetDB at handsoff:8081: Connection refused - connect(2)

The puppetmaster, puppetdb and the database all run on the same host, "handsoff".

This is my /etc/puppet/puppetdb.conf:

[main]
server = handsoff
port = 8081

My /etc/puppetdb/jetty.ini:

[jetty]
# Hostname or IP address to listen for clear-text HTTP.  Default is localhost
# host = <host>

# Port to listen on for clear-text HTTP.
port = 8080


# The following are SSL specific settings. They can be configured
# automatically with the tool `puppetdb ssl-setup`, which is normally
# ran during package installation.

# The host or IP address to listen on for HTTPS connections
ssl-host = localhost

# The port to listen on for HTTPS connections
ssl-port = 8081

# Private key path
ssl-key = /etc/puppetdb/ssl/private.pem

# Public certificate path
ssl-cert = /etc/puppetdb/ssl/public.pem

# Certificate authority path
ssl-ca-cert = /etc/puppetdb/ssl/ca.pem

certificate-whitelist = /etc/puppetdb/ssl-whitelist

And the ssl-whitelist file:

localhost
handsoff
handsoff.dc0.testing.de

lsof shows the listening ports:

# lsof -i -P | grep puppetdb | grep 80
java     2549      puppetdb   20u  IPv6   4982      0t0  TCP localhost:8080 (LISTEN)
java     2549      puppetdb   34u  IPv6   9353      0t0  TCP localhost:8081 (LISTEN)

My /etc/hosts contains the following lines:

127.0.0.1   localhost
127.0.1.1   handsoff handsoff.dc0.testing.de

So from my point of view, puppet should be able to connect to puppetdb on port 8081 via both localhost and handsoff. (I tested both, with the same result.)

Do you have any idea what could be wrong with this setup?

Edit: I also tried setting this in my puppetdb.conf:

[main]
server = localhost
port = 8081

But then I get:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: Failed to submit 'replace facts' command for handsoff.dc0.testing.de to PuppetDB at localhost:8081: hostname does not match the server certificate

I am using self-signed certificates (nothing changed after installing with apt-get). I guessed the whitelist would let me use the certificates this way. Is that wrong?
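An added diagnostic for the first error (this is not code from the question or the answer): it takes the /etc/hosts lines and the lsof output quoted above (constructed copies embedded in the script) and checks whether the name configured as server in puppetdb.conf resolves to an address PuppetDB is actually bound to. A socket bound only to 127.0.0.1 (which lsof shows as localhost) refuses connections addressed to 127.0.1.1, the address handsoff resolves to here.

```shell
#!/bin/sh
# Added diagnostic (not from the question or the answer): does the name set as
# "server" in puppetdb.conf resolve, via /etc/hosts, to an address PuppetDB is
# bound to? lsof output is the source of listeners. A socket bound only to
# 127.0.0.1 (lsof shows "localhost") refuses connections sent to 127.0.1.1.
# Both inputs below are constructed copies of what the question shows.

HOSTS_SAMPLE='127.0.0.1   localhost
127.0.1.1   handsoff handsoff.dc0.testing.de'

LSOF_SAMPLE='java     2549      puppetdb   20u  IPv6   4982      0t0  TCP localhost:8080 (LISTEN)
java     2549      puppetdb   34u  IPv6   9353      0t0  TCP localhost:8081 (LISTEN)'

# resolve_name NAME HOSTS_TEXT -> first address whose names include NAME
resolve_name() {
    printf '%s\n' "$2" | awk -v n="$1" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }'
}

# listen_addrs PORT LSOF_TEXT -> listener addresses on PORT, one per line
listen_addrs() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $NF == "(LISTEN)" { split($(NF-1), a, ":"); if (a[2] == p) print a[1] }'
}

# check_reachable NAME PORT HOSTS_TEXT LSOF_TEXT -> prints "ok" or "refused: ..."
# ("*" in lsof is a wildcard bind, reachable from any local address)
check_reachable() {
    name=$1; port=$2
    addr=$(resolve_name "$name" "$3")
    [ -n "$addr" ] || { echo "unresolved: $name is not in the hosts file"; return 2; }
    for l in $(listen_addrs "$port" "$4"); do
        case "$l" in
            localhost) l=127.0.0.1 ;;
            '*') echo "ok"; return 0 ;;
        esac
        if [ "$l" = "$addr" ]; then echo "ok"; return 0; fi
    done
    echo "refused: $name -> $addr, but port $port only listens on" \
         "$(listen_addrs "$port" "$4" | paste -sd ' ' -)"
    return 1
}

# Try both server names from the question; "|| :" keeps going after a refusal.
for n in handsoff localhost; do
    check_reachable "$n" 8081 "$HOSTS_SAMPLE" "$LSOF_SAMPLE" || :
done
```

On a live host, feed it the real /etc/hosts and the output of lsof -n -i -P instead of the embedded samples; with -n lsof prints numeric addresses, so the localhost mapping is not needed.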

Answer 1

Make sure hostname -f gives the fully qualified name (if not, update /etc/hostname and update sysctl kernel.hostname={your hostname}).

Check your current certificate:

echo | openssl s_client -connect <puppetdb fqdn>:8081 | openssl x509 -noout -dates

For a recent version of PuppetDB (4.2):

  1. Stop PuppetDB: service puppetdb stop
  2. Remove the old certificates: rm -rf /etc/puppetlabs/puppetdb/ssl/
  3. Generate new certificates; PuppetDB ships a handy tool for this: puppetdb ssl-setup
  4. If you connect to the database over SSL, you may also need to update the keystore:

    keytool -import -alias "My CA" -file /etc/puppetlabs/puppetdb/ssl/ca.pem -keystore /etc/puppetlabs/puppetdb/ssl/truststore.jks

  5. Start PuppetDB: service puppetdb start
