About | FAQ | Help
Ask Your Question
0

Reocurring Certificate Problem

asked 2018-05-23 02:17:24 -0500

Ziim94 gravatar image

Hello,

My puppet agents constantly have the following problem "Could not request certificate: The certificate retrieved from the master does not match the agent's private key.". I have read and found quite a few solutions on forums. One of the most mentioned one is to regenerate the certificates after removing them on both the Puppet agent and master. However, in my case it's a temporary fix. The agents seem fine for 6-7 hours until they return in an error state again (Error: Could not request certificate).

I am trying to find the root cause of this problem so I can permanently fix the problem instead of regenerating the certificates 2 to 3 times a day.

I hope someone can help.

Thanks in advance!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-05-23 12:30:51 -0500

Asaithambi Ramalingam gravatar image

updated 2018-05-23 12:32:19 -0500

Hi Here I would like to share my suggestion, Hope you were tried those steps.. But I though you missed something .. I am not sure. You may try this steps once again

  1. stop the agent on the node
  2. Go to PUPPET MASTER give this command - puppet cert list -all . It will show all node certificate
  3. Revoke the concern certificate (puppet node purge <certname>)
  4. unpin-from-all from node
  5. Clean the node on the Puppet Master - puppet cert clean node fqdn
  6. Uninstall agent on the node
  7. On the master, navigate to /opt/puppetlabs/bin/ and copy puppet-enterprise-uninstaller to the agent node you want to uninstall
  8. On the agent node, run the unistaller: puppet-enterprise-uninstaller which you copied from the PE
  9. Follow prompts to uninstall
  10. Remove the agent certificate for the agent from the master: puppet cert clean <agent cert="" name="">

SO you have completely removed puppet node . Make sure everything removed in both node and master

  1. Add node as new installation
  2. request certificate from node
  3. Accept requested sign on the PE

Later check is this method will show you luck

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-05-23 02:17:24 -0500

Seen: 109 times

Last updated: May 23