How to reuse an agent's FQDN
I have a virtual machine template with Puppet preinstalled. The ssldir is empty. So, when the puppet agent runs for the first time, it generates a new certificate and a new CSR. Also, I put the master on autosign.
However, when the master has signed a certificate for the same FQDN previously, the agent runs into an error. The master won't sign another cert with the same FQDN.
When I see the error on the client in the log, I may delete the previous cert on the master (puppet cert clean fqdn). But this does not resolve the error. Upon the next run, the client still hangs on the same issue. It says:
Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
which would be correct before the clean-command, but after? Which certificate could have been retrieved, after I deleted it?
To resolve this, I have to empty the ssldir on the agent after I cleaned the cert on the master. (The "after" is important.)
First question: Why is there still an error after I cleaned the certificate from the master?
Second question: Can I configure the puppetmaster to just sign the certificate, even if it matches a previous FQDN? Maybe auto-replace the old one?