Puppet complains of client/server cert mismatch but the certs do match

asked 2017-08-29 13:43:06 -0600

shines2 gravatar image

updated 2017-08-30 13:03:58 -0600

We are using a much older version of puppet 3.4.

The agent on many of my clients spews the following error:

Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: EA:86:93:B9:D4:A1:67:CA:89:4B:E8:26:EE:DB:06:3A:93:3C:62:FA:F4:A8:52:5E:21:6A:AF:0B:E7:5A:DE:97
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.

When checking the fingerprint of the cert on the server I find that it does in fact match the one on the client:

puppet cert fingerprint --all|grep <hostname>
 EA:86:93:B9:D4:A1:67:CA:89:4B:E8:26:EE:DB:06:3A:93:3C:62:FA:F4:A8:52:5E:21:6A:AF:0B:E7:5A:DE:97

Any ideas as to what may cause this to happen?

edit retag flag offensive close merge delete