2

Could not request certificate: The certificate retrieved from the master does not match the agent's private key

asked 2014-03-11 10:26:09 -0500

matt131

I'm trying to register a host in my Puppet Master, but when I run puppet agent -t I get the following error.

Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: *********************************
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean *Host Name Replaced
On the agent:
  rm -f /etc/puppetlabs/puppet/ssl/certs/Host Name Replaced*
  puppet agent -t

When I log on to the ...


Comments

Did you delete the whole /var/lib/puppet/ssl folder (on the client)?

ethrbunny ( 2014-03-14 09:23:44 -0500 )

2 Answers

5

answered 2014-03-24 20:55:08 -0500

That is easy to fix.
Execute on your Puppet master:

puppet cert clean "yourhostnamehere"

Execute on your Puppet agent:

rm -f /etc/puppetlabs/puppet/ssl/certs/yourhostnamehere
find /var/lib/puppet -name "*yourhostnamehere*" -delete
puppet agent -t

Back on your Puppet master:

puppet cert --list

Check your certificate name and sign it.

puppet cert --sign "yourhostnamehere"

Come back to your Puppet agent and be happy :D

puppet agent -t
0

answered 2014-03-24 04:37:31 -0500

Michal Bryxí

Puppet acts pretty weird when there is no "good" DNS resolution in your environment. What helps me every time is to tell Puppet what certificate names it should use:

  1. Stop puppet and puppetmaster on client and master
  2. Clean up /etc/puppetlabs/puppet/ssl/certs/ on client and master
  3. Set node name on client and master in your puppet.conf

Example:

[master]
  certname=mypuppetmaster.domain.tld
[agent]
  certname=mynode.domain.tld

Then try starting master and client.

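A check that can be run on the agent before or after the clean-up steps in the answers above, to confirm whether the certificate on disk actually belongs to the agent's private key. This is an added example, not part of the original posts; the function name and the file locations in the usage comment are assumptions, and it assumes an unencrypted PEM key and the `openssl` command line tool.

```shell
#!/bin/sh
# Added example: verify that a certificate and a private key form a pair by
# comparing the public key embedded in the certificate with the public key
# derived from the private key.
#
# Usage (paths are assumptions, substitute your own certname and ssl dir):
#   sh check_cert_key.sh /etc/puppetlabs/puppet/ssl/certs/<certname>.pem \
#                        /etc/puppetlabs/puppet/ssl/private_keys/<certname>.pem
#
# Exit status: 0 = cert matches key, 1 = mismatch, 2 = a file could not be read.

check_cert_key() {
    cck_cert=$1
    cck_key=$2

    # Public key as stored inside the signed certificate.
    cck_cert_pub=$(openssl x509 -in "$cck_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cck_cert" >&2
        return 2
    }

    # Public key recomputed from the private key on this host.
    cck_key_pub=$(openssl pkey -in "$cck_key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $cck_key" >&2
        return 2
    }

    if [ "$cck_cert_pub" = "$cck_key_pub" ]; then
        echo "MATCH: certificate belongs to this private key"
        return 0
    fi

    # On mismatch, show which certificate is on disk so it can be compared
    # with what the master has on record before anything is deleted.
    echo "MISMATCH: certificate was issued for a different key"
    openssl x509 -in "$cck_cert" -noout -subject -fingerprint -sha256
    return 1
}

# Only run when called with a certificate and a key path.
if [ "$#" -eq 2 ]; then
    check_cert_key "$1" "$2"
fi
```

A mismatch here means the certificate on disk was issued for an older key pair, which is the condition the error message describes.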

Stats

Asked: 2014-03-11 10:26:09 -0500

Seen: 22,380 times

Last updated: Mar 24 '14