
Recurring Certificate Problem

asked 2018-05-23 02:17:24 -0600

Ziim94


My Puppet agents constantly have the following problem: "Could not request certificate: The certificate retrieved from the master does not match the agent's private key." I have read and found quite a few solutions on forums. One of the most mentioned is to regenerate the certificates after removing them on both the Puppet agent and master. However, in my case it's a temporary fix. The agents seem fine for 6-7 hours until they return to an error state again (Error: Could not request certificate).

I am trying to find the root cause of this problem so I can permanently fix the problem instead of regenerating the certificates 2 to 3 times a day.

I hope someone can help.

Thanks in advance!


1 Answer


answered 2018-05-23 12:30:51 -0600

Asaithambi Ramalingam

updated 2018-05-23 12:32:19 -0600

Hi. Here I would like to share my suggestion. I hope you have tried these steps, but I thought you missed something; I am not sure. You may try these steps once again:

  1. Stop the agent on the node
  2. Go to the Puppet master and give this command: puppet cert list --all. It will show all node certificates
  3. Revoke the concerned certificate (puppet node purge <certname>)
  4. unpin-from-all from the node
  5. Clean the node on the Puppet master: puppet cert clean <node fqdn>
  6. Uninstall the agent on the node
  7. On the master, navigate to /opt/puppetlabs/bin/ and copy puppet-enterprise-uninstaller to the agent node you want to uninstall
  8. On the agent node, run the uninstaller: puppet-enterprise-uninstaller, which you copied from the PE
  9. Follow the prompts to uninstall
  10. Remove the agent certificate for the agent from the master: puppet cert clean <agent cert name>

So you have completely removed the Puppet node. Make sure everything is removed on both the node and the master.

  1. Add the node as a new installation
  2. Request a certificate from the node
  3. Accept the signing request on the PE

Later, check whether this method brings you luck.

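A diagnostic for the error quoted in the question, as an added example that is not part of the original question or answer: it checks whether a certificate and a private key carry the same public key, which is the condition the error reports as failing. The function names are hypothetical, and the two file paths (assumed to be the agent's certificate and private key) are supplied by the caller.

```shell
#!/bin/sh
# Added example: does this certificate belong to this private key?
# Usage (paths are placeholders): sh check.sh <agent-cert.pem> <agent-key.pem>

# SHA-256 of the public key embedded in a certificate (fails with 2 if unreadable).
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key (fails with 2 if unreadable).
key_pubkey_digest() {
    openssl pkey -in "$1" -noout 2>/dev/null || return 2
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
check_cert_key() {
    c=$(cert_pubkey_digest "$1") || return 2
    k=$(key_pubkey_digest "$2") || return 2
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if [ "$c" = "$k" ]; then
        echo "$now MATCH pubkey_sha256=$c"
        return 0
    fi
    echo "$now MISMATCH cert_pubkey=$c key_pubkey=$k"
    # Serial, issue date and fingerprint identify which issuance this
    # certificate came from, so it can be compared with the master's copy.
    openssl x509 -in "$1" -noout -serial -startdate -fingerprint -sha256
    return 1
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_cert_key "$1" "$2"
fi
```

Run periodically on an agent with the output kept, this gives a timestamped record of when the pair stops matching and which certificate serial was in place at that moment.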



Asked: 2018-05-23 02:17:24 -0600

Seen: 191 times

Last updated: May 23